Total 16 Posts

Security

Integrating Civic into a Static Serverless Website (part 2 of 2)

This is the second part of this tutorial (first part here). By now your static…

Mar 28, 2019 11 min read

Tyler John Haden

Integrating Civic into a Static Serverless Website Part 1 of 2

This article describes an application that takes advantage of AWS serverless services to provide a…

Mar 25, 2019 10 min read

Tyler John Haden

Service Oriented Network Security - AWS Security Group Design

Amazon Web Services is capable of providing the infrastructure to run all of your applications…

Aug 23, 2016 9 min read

JHipster: Streamlining the Hackathon Experience

For most 24 hour Hackathons, the work starts a week or two prior to the…

Jan 13, 2016 3 min read

Security White Paper: OWASP - Building Secure Web Applications

Nowadays, software application security absolutely cannot be ignored and every IT professional must take this…

Jul 17, 2014 1 min read

Victoria De Belilovsky

OWASP Top 10 - A10 Unvalidated Redirects and Forwards

Description If a user is redirected or forwarded to a page defined by an unverified…

Jan 29, 2014 2 min read

OWASP Top 10 - A9 Using Components with Known Vulnerabilities

Description Known software vulnerabilities are available to everyone on the Internet. If an attacker knows…

Jan 28, 2014 3 min read

OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)

Description An attacker sends a request to a website you are authenticated on to execute…

Jan 14, 2014 4 min read

OWASP Top 10 - A7 Missing Function Level Access Control

Description In a web application with different user roles, authentication is not enough. Each request…

Dec 09, 2013 3 min read

OWASP Top 10 - A6 Sensitive Data Exposure

Description We have seen in the previous articles that an experienced attacker can easily intercept…

Nov 18, 2013 4 min read

OWASP Top 10 - A5 Security Misconfiguration

Description Nowadays, besides the operating system and the JRE, most of the Java applications are…

Nov 14, 2013 7 min read

OWASP Top 10 - A4 Insecure Direct Object References

Description The application exposes a direct reference (functional identifier, database key, file path…) to a…

Nov 04, 2013 2 min read

OWASP Top 10 - A3 Cross Site Scripting (XSS)

Description Cross-Site Scripting is a specific consequence of an injection attack. The goal is to…

Oct 28, 2013 3 min read

OWASP Top 10 - A2 Broken Authentication and Session Management

Description The attacker steals his victim’s credentials or any information that will help him…

Oct 21, 2013 10 min read

OWASP Top 10 - A1 Injection

Description The attacker sends untrusted data that will be injected in the targeted application to…

Oct 11, 2013 5 min read