Application security October 18, 2011 Mark Wireman SQL Injection: The Equal Opportunity Vulnerability Introduction In the first installment of this series, we discussed application security within the Software Development Process by demystifying the adoption...
Application security October 12, 2011 Arvind Doraiswamy HTTP response splitting attack In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we're clear about how it works, because it is an...
Application security August 5, 2011 Mark Wireman Application Security, Deconstructed and Demystified Security professionals have all heard, read, and in some instances, directly felt the impact of insecure or vulnerable applications. Whether they originate...
Application security July 15, 2011 Ken Johnson Attacking web services Pt 2 – SOAP In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite....
Application security July 15, 2011 Ken Johnson Attacking web services Pt 1 – SOAP I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are...
Application security June 22, 2011 Skyler Onken Securing Software with the Application and Front Controller Patterns Securing software has always been an issue. Whether it be web, desktop or server applications, insecure coding practices can result in substantial data loss...
Application security June 17, 2011 Thomas Mackenzie Malicious SOAP Requests as Web Service Attacks The recent Application Security Europe conference (www.appseceu.org) was one of the better conferences I have had the pleasure to attend. The talks were interesting...
Application security June 8, 2011 Russ McRee OWASP Top 10 Deeper Dive – A8: Failure to Restrict URL Access Description:...
Application security May 31, 2011 Thomas Mackenzie Web Application Firewalls with Mod Security One of the biggest problems that businesses and individuals face today is the cost of web application security. It is not uncommon in the UK, for example, to...
Application security May 25, 2011 Tasos Laskos Web application testing with Arachni In very simple terms, Arachni is a tool that allows you to assess the security of web applications. In less simple terms, Arachni is a high-performance,...