Application security

Introduction In the first installment of this series, we discussed application security within the Software Development Process by demystifying the adoption...

In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we're clear about how it works, because it is an...

Security professionals have all heard, read, and in some instances, directly felt the impact of insecure or vulnerable applications. Whether they originate...

In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite....

I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are...

Securing software has always been an issue. Whether it be web, desktop or server applications, insecure coding practices can result in substantial data loss...

The recent Application Security Europe conference (www.appseceu.org) was one of the better conferences I have had the pleasure to attend. The talks were interesting...

[highlight color="blue"]Interested in formal OWASP Top 10 Training? Check out our  OWASP Top 10 Training course OWASP Top 10 Training. [/highlight] Description:...

One of the biggest problems that businesses and individuals face today is the cost of web application security. It is not uncommon in the UK, for example, to...

In very simple terms, Arachni is a tool that allows you to assess the security of web applications. In less simple terms, Arachni is a high-performance,...