Application security

Securing software has always been an issue. Whether it be web, desktop or server applications, insecure coding practices can result in substantial data loss...

The recent Application Security Europe conference (www.appseceu.org) was one of the better conferences I have had the pleasure to attend. The talks were interesting...

[highlight color="blue"]Interested in formal OWASP Top 10 Training? Check out our  OWASP Top 10 Training course OWASP Top 10 Training. [/highlight] Description:...

One of the biggest problems that businesses and individuals face today is the cost of web application security. It is not uncommon in the UK, for example, to...

In very simple terms, Arachni is a tool that allows you to assess the security of web applications. In less simple terms, Arachni is a high-performance,...

In our ongoing series of interviews, this week Jeremiah Grossman answered a few questions and pulled back the curtain a bit on the methods, tools and motivation...

Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discovers CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement.

Description: Using grep to find common web application vulnerabilities within your applications. It is a common misconception that companies need to purchase...

A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten If you've spent any time defending web applications as a security...