Blog Posts Tagged with "OWASP"

219bfe49c4e7e1a3760f307bfecb9954

Software Security: An Imperative to Change

June 05, 2014 Added by:Rohit Sethi

Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.

Comments  (1)

022aafe7eef823af1fa3931a5539ae49

How SAMM Addresses Outsourced Development

January 28, 2014 Added by:Nima Dezhkam

Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into in-house software development life-cycle, it does not elaborate as much on third-party vendor security and outsourced software development.

Comments  (0)

514b2ac354098d84c07620f2591193b2

OWASP Vulnerability Deep Dive: CSRF

October 30, 2013 Added by:Kyle Adams

While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.

Comments  (0)

B3686baa29e6fe1c9c2e3feb0f9ebf99

Why Are We Failing at Software Security?

May 01, 2013 Added by:Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.

Comments  (4)

219bfe49c4e7e1a3760f307bfecb9954

Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (14)

0a8cae998f9c51e3b3c0ccbaddf521aa

Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Solving Problems from the Security Viewpoint

June 07, 2012 Added by:Rafal Los

From experience, there are 3 clearly identified causes for poor adoption of well-intentioned security-built technology into everyday development and systems building... Let's take a look at them and see what can be done to raise the level of adoption from each case...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Making Things Worse by Asking all the Wrong Questions

May 14, 2012 Added by:Rafal Los

Blaming OWASP and developers for not adopting secure coding is silly. Uuntil the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...

Comments  (2)

53692ae1a8e713373b8a487ce89ee3e2

Three Areas to Test when Assessing Mobile Applications

May 02, 2012 Added by:Tom Eston

Mobile Application testing is something that will evolve as mobile apps get more complex and the business drives more towards mobile solutions. If you’re deploying mobile apps for your business it’s more important than ever to have testing done on three areas at a minimum....

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Guide to the OWASP Application Security Top Ten

May 01, 2012 Added by:Fergal Glynn

Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Patchwork Cloud - A Model Driven Approach

April 27, 2012 Added by:Rafal Los

As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

On the Value of Security Conferences

April 19, 2012 Added by:Rafal Los

What's interesting is the question of business value. Management sends employees to 'security conferences' to learn something and bring it back to the organization. But what value do the ever-increasing number of security conferences provide as stand-alone events?

Comments  (1)

69dafe8b58066478aea48f3d0f384820

OWASP Releases Zed Attack Proxy (ZAP) 1.4.0

April 09, 2012 Added by:Headlines

"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."

Comments  (0)

53692ae1a8e713373b8a487ce89ee3e2

Top 5 Things Learned at the SANS Mobile Device Security Summit

March 19, 2012 Added by:Tom Eston

Having a lineup of great speakers really made the summit flow as well as it did. What I liked most about this event was that there were plenty of “real world” talks on how enterprises are setting up and managing mobile deployments…real “in the trenches” types of talks...

Comments  (1)

Page « < 1 - 2 - 3 > »