Web

Total 11 Posts

OWASP Top 10 - A10 Unvalidated Redirects and Forwards

By Philippe Céry. Description If a user is redirected or forwarded to a page defined…


Jan 29,2014

OWASP Top 10 - A9 Using Components with Known Vulnerabilities

By Philippe Céry. Description Known software vulnerabilities are available to everyone on the Internet. If…


Jan 28,2014

OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)

By Philippe Céry. Description An attacker sends a request to a website you are authenticated…


Jan 14,2014

OWASP Top 10 - A7 Missing Function Level Access Control

By Philippe Céry. Description In a web application with different user roles, authentication is not…


Dec 09,2013

OWASP Top 10 - A6 Sensitive Data Exposure

Description We have seen in the previous articles that an experienced attacker can easily intercept…


Nov 18,2013

OWASP Top 10 - A5 Security Misconfiguration

Description Nowadays, besides the operating system and the JRE, most of the Java applications are…


Nov 14,2013

OWASP Top 10 - A4 Insecure Direct Object References

Description The application exposes a direct reference (functional identifier, database key, file path…) to a…


Nov 04,2013

OWASP Top 10 - A3 Cross Site Scripting (XSS)

Description Cross-Site Scripting is a specific consequence of an injection attack. The goal is to…


Oct 28,2013

OWASP Top 10 - A2 Broken Authentication and Session Management

Description The attacker steals his victim’s credentials or any information that will help him…


Oct 21,2013

OWASP Top 10 - A1 Injection

Description The attacker sends untrusted data that will be injected in the targeted application to…


Oct 11,2013

OWASP Top 10 - Introduction

When starting a new web application, the security risks are sadly often underestimated by everyone…


Oct 10,2013