Search:

Blog Posts Tagged with "OWASP"

B3686baa29e6fe1c9c2e3feb0f9ebf99

Why Are We Failing at Software Security?

May 01, 2013 Added by:Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Solving Problems from the Security Viewpoint

June 07, 2012 Added by:Rafal Los

From experience, there are 3 clearly identified causes for poor adoption of well-intentioned security-built technology into everyday development and systems building... Let's take a look at them and see what can be done to raise the level of adoption from each case...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Making Things Worse by Asking all the Wrong Questions

May 14, 2012 Added by:Rafal Los

Blaming OWASP and developers for not adopting secure coding is silly. Uuntil the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...

Comments  (2)

53692ae1a8e713373b8a487ce89ee3e2

Three Areas to Test when Assessing Mobile Applications

May 02, 2012 Added by:Tom Eston

Mobile Application testing is something that will evolve as mobile apps get more complex and the business drives more towards mobile solutions. If you’re deploying mobile apps for your business it’s more important than ever to have testing done on three areas at a minimum....

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Guide to the OWASP Application Security Top Ten

May 01, 2012 Added by:Fergal Glynn

Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Patchwork Cloud - A Model Driven Approach

April 27, 2012 Added by:Rafal Los

As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

On the Value of Security Conferences

April 19, 2012 Added by:Rafal Los

What's interesting is the question of business value. Management sends employees to 'security conferences' to learn something and bring it back to the organization. But what value do the ever-increasing number of security conferences provide as stand-alone events?

Comments  (1)

69dafe8b58066478aea48f3d0f384820

OWASP Releases Zed Attack Proxy (ZAP) 1.4.0

April 09, 2012 Added by:Headlines

"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."

Comments  (0)

53692ae1a8e713373b8a487ce89ee3e2

Top 5 Things Learned at the SANS Mobile Device Security Summit

March 19, 2012 Added by:Tom Eston

Having a lineup of great speakers really made the summit flow as well as it did. What I liked most about this event was that there were plenty of “real world” talks on how enterprises are setting up and managing mobile deployments…real “in the trenches” types of talks...

Comments  (1)

00c83c62ef65f17ce8e790850c596964

Secure Now or Forever...

February 24, 2012 Added by:Pamela Gupta

Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

4e21f96122846f32545687ad42b271e2

Some "LightReading" about Mobile Application Security

February 10, 2012 Added by:Security Ninja

Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...

Comments  (0)

Page « < 1 - 2 > »
Most Liked


Latest Member Comments

"installment loan"

Student Pleads Guilty to Counterfeiting Coup... on 06-18-2013

"Counterfeiting is against the law. So it is bad to sell and buy products such as bogus.There is nothing brand new about counterfeiting...."

Student Pleads Guilty to Counterfeiting Coup... on 06-18-2013

"Can you tell mo more about how to keep clean mess from PC anywhere can you elaborate. http://www.chemdryrapiddry.com.au/carpet-cleanin..."

Starting to Clean Up the Mess from PCAnywher... Peggy Patterson on 06-18-2013

"Have you ever dreamed that your 90′s cyberpunk movies goes real? Well, we almost there, meet the Deep Web. The Deep Web (also called ..."

What is the Deep Web? A Trip into the Abyss.... Smukke Smukke on 06-13-2013
Latest Posts