-
-
TAGS
Integrating Civic into a Static Serverless Website (part 2 of 2)
This is the second part of this tutorial (first part here). By now your static…
Integrating Civic into a Static Serverless Website Part 1 of 2
This article describes an application that takes advantage of AWS serverless services to provide a…
Service Oriented Network Security - AWS Security Group Design
Amazon Web Services is capable of providing the infrastructure to run all of your applications…
JHipster: Streamlining the Hackathon Experience
For most 24 hour Hackathons, the work starts a week or two prior to the…
Security White Paper: OWASP - Building Secure Web Applications
Nowadays, software application security absolutely cannot be ignored and every IT professional must take this…
OWASP Top 10 - A10 Unvalidated Redirects and Forwards
Description If a user is redirected or forwarded to a page defined by an unverified…
OWASP Top 10 - A9 Using Components with Known Vulnerabilities
Description Known software vulnerabilities are available to everyone on the Internet. If an attacker knows…
OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)
Description An attacker sends a request to a website you are authenticated on to execute…
OWASP Top 10 - A7 Missing Function Level Access Control
Description In a web application with different user roles, authentication is not enough. Each request…
OWASP Top 10 - A6 Sensitive Data Exposure
Description We have seen in the previous articles that an experienced attacker can easily intercept…
OWASP Top 10 - A5 Security Misconfiguration
Description Nowadays, besides the operating system and the JRE, most of the Java applications are…
OWASP Top 10 - A4 Insecure Direct Object References
Description The application exposes a direct reference (functional identifier, database key, file path…) to a…
OWASP Top 10 - A3 Cross Site Scripting (XSS)
Description Cross-Site Scripting is a specific consequence of an injection attack. The goal is to…
OWASP Top 10 - A2 Broken Authentication and Session Management
Description The attacker steals his victim’s credentials or any information that will help him…
Description The attacker sends untrusted data that will be injected in the targeted application to…