Application security May 31, 2011 Thomas Mackenzie Web Application Firewalls with Mod Security One of the biggest problems that businesses and individuals face today is the cost of web application security. It is not uncommon in the UK, for example, to...
Application security May 25, 2011 Tasos Laskos Web application testing with Arachni In very simple terms, Arachni is a tool that allows you to assess the security of web applications. In less simple terms, Arachni is a high-performance,...
Application security May 3, 2011 Infosec Jeremiah Grossman Reveals His Process for Security Research In our ongoing series of interviews, this week Jeremiah Grossman answered a few questions and pulled back the curtain a bit on the methods, tools and motivation...
Application security April 21, 2011 Russ McRee OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF) Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discover CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement.
Application security March 30, 2011 Ryan Dewhurst Finding security vulnerabilities in PHP using Grep Description: Using grep to find common web application vulnerabilities within your applications. It is a common misconception that companies need to purchase...
Application security March 21, 2011 Russ McRee OWASP top 10 tools and tactics A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten. If you've spent any time defending web applications as a security...