OWASP Top 10 Deeper Dive – A8: Failure to Restrict URL Access
[highlight color="blue"]Interested in formal OWASP Top 10 Training? Check out our OWASP Top 10 Training course OWASP Top 10 Training. [/highlight]
Description:...
Russ McRee
Russ McRee is a senior security analyst, researcher, and founder of holisticinfosec.org, where he advocates a holistic approach to the practice of information assurance. He is also a security researcher for InfoSec Institute.
His predominant focuses are incident response and web application security; he does both as team leader of Microsoft Online Service’s Security Incident Management team.
Russ speaks and writes frequently on information security topics; including toolsmith, a monthly column for the ISSA Journal.
IBM’s ISS X-Force cited him as the 6th ranked Top Vulnerability Discoverers of 2009.
OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF)
Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discovers CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement.
OWASP top 10 tools and tactics
A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten
If you've spent any time defending web applications as a security...
Security Incident Response Testing To Meet Audit Requirements
Description: Practical guidance and tools to ensure maximum readiness for incident response teams including drill tactics. PCI-DSS audits often require IR testing...