Articles Tagged with "OWASP"


From the Web

OWASP Top 10 (2010 release candidate 1)

November 13, 2009 from: Jeremiah Grossman's Blog

The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry as it exercises influence over PCI-DSS, global policy, developer awareness, and product direction. ...



From the Web

Website threats and their capabilities

June 23, 2009 from: Jeremiah Grossman's Blog

Vulnerabilities don’t exploit themselves. Someone or something (“threat”) uses an attack vector to exploit a vulnerability in an asset, bypassing a control, and causes a technical or business impact.



From the Web

CWE Top 25 Breakdown - Part 1 of 4

June 11, 2009 from: hackyourself.net

This week, we’ll take a look at the recently published CWE Top 25 Most Dangerous Programming Errors. Since the Top 25 are broken into three main categories, it makes sense to address the list in three separate segments. But first, let’s review what the CWE Top 25 is and its importance.



From the Web

Some Free Web App Security Testing Tools & Resources

June 11, 2009 from: hackyourself.net

We went over some of these tools at the latest North Carolina OWASP Meeting, so I thought I’d make this list available here. Enjoy!



From the Web

CWE Top 25 Breakdown - Part 2 of 4

June 07, 2009 from: hackyourself.net

Last week we introduced the CWE Top 25 Most Dangerous Programming Errors in Part 1 of a 4 part series. This week we will discuss the first nine, which have been categorized in a group called “Insecure Interaction Between Components”. Being the first nine, they are also the top 9, or the top most prevalent errors on the list. As me...
