Total 12 Posts

OWASP

Security White Paper: OWASP - Building Secure Web Applications

Nowadays, software application security absolutely cannot be ignored and every IT professional must take this…

Read More


OWASP Top 10 - A10 Unvalidated Redirects and Forwards

Description If a user is redirected or forwarded to a page defined by an unverified…

Read More


Jan 29, 2014

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A9 Using Components with Known Vulnerabilities

Description Known software vulnerabilities are available to everyone on the Internet. If an attacker knows…

Read More


Jan 28, 2014

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)

Description An attacker sends a request to a website you are authenticated on to execute…

Read More


Jan 14, 2014

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A7 Missing Function Level Access Control

Description In a web application with different user roles, authentication is not enough. Each request…

Read More


Dec 09, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A6 Sensitive Data Exposure

Description We have seen in the previous articles that an experienced attacker can easily intercept…

Read More


Nov 18, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A5 Security Misconfiguration

Description Nowadays, besides the operating system and the JRE, most of the Java applications are…

Read More


Nov 14, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A4 Insecure Direct Object References

Description The application exposes a direct reference (functional identifier, database key, file path…) to a…

Read More


Nov 04, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A3 Cross Site Scripting (XSS)

Description Cross-Site Scripting is a specific consequence of an injection attack. The goal is to…

Read More


Oct 28, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A2 Broken Authentication and Session Management

Description The attacker steals his victim’s credentials or any information that will help him…

Read More


Oct 21, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - A1 Injection

Description The attacker sends untrusted data that will be injected in the targeted application to…

Read More


Oct 11, 2013

Philippe Cery

Philippe Cery

OWASP

OWASP Top 10 - Introduction

When starting a new web application, the security risks are sadly often underestimated by everyone…

Read More


Oct 10, 2013

Philippe Cery

Philippe Cery

OWASP