11 posts

OWASP Top 10 - A10 Unvalidated Redirects and Forwards

Description If a user is redirected or forwarded to a page defined by an unverified…


Jan 29, 2014 2 min read

Philippe Cery

OWASP

OWASP Top 10 - A9 Using Components with Known Vulnerabilities

Description Known software vulnerabilities are available to everyone on the Internet. If an attacker knows…


Jan 28, 2014 3 min read

Philippe Cery

OWASP

OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)

Description An attacker sends a request to a website you are authenticated on to execute…


Jan 14, 2014 4 min read

Philippe Cery

OWASP

OWASP Top 10 - A7 Missing Function Level Access Control

Description In a web application with different user roles, authentication is not enough. Each request…


Dec 09, 2013 3 min read

Philippe Cery

OWASP

OWASP Top 10 - A6 Sensitive Data Exposure

Description We have seen in the previous articles that an experienced attacker can easily intercept…


Nov 18, 2013 4 min read

Philippe Cery

OWASP

OWASP Top 10 - A5 Security Misconfiguration

Description Nowadays, besides the operating system and the JRE, most of the Java applications are…


Nov 14, 2013 7 min read

Philippe Cery

OWASP

OWASP Top 10 - A4 Insecure Direct Object References

Description The application exposes a direct reference (functional identifier, database key, file path…) to a…


Nov 04, 2013 2 min read

Philippe Cery

OWASP

OWASP Top 10 - A3 Cross Site Scripting (XSS)

Description Cross-Site Scripting is a specific consequence of an injection attack. The goal is to…


Oct 28, 2013 3 min read

Philippe Cery

OWASP

OWASP Top 10 - A2 Broken Authentication and Session Management

Description The attacker steals his victim’s credentials or any information that will help him…


Oct 21, 2013 10 min read

Philippe Cery

OWASP

OWASP Top 10 - A1 Injection

Description The attacker sends untrusted data that will be injected in the targeted application to…


Oct 11, 2013 5 min read

Philippe Cery

OWASP

OWASP Top 10 - Introduction

When starting a new web application, the security risks are sadly often underestimated by everyone…


Oct 10, 2013 2 min read

Philippe Cery

OWASP