OWASP SAMM version 2: Analyze and improve organizational security posture
The OWASP SAMM (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies …
Security pitfalls to avoid when programming using an API
OWASP’s API Security Project has released the first edition of its top 10 list of API security risks. The most common and perilous API security risks API abuse is an …
How to securely deploy medical devices within a healthcare facility
The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical …
OWASP set to address API security risks
OWASP has started a new project and is set to publish a new guide on security risks. The issue they aim to tackle this time is API security. The new OWASP API Security Project …
How to automate a custom password dictionary for your pen test
When doing penetration testing, security professionals regularly have to deal with words that are specific to the task at hand, and many are not found in common wordlists. …
Verify your software for security bugs
Verification is an important phase of developing secure software that is not always addressed in depth that includes dynamic analysis and fuzzing testing. This step allows …
OWASP top 10 web application risks for 2013
Since 2003, application security researchers and experts from all over the world at the Open Web Application Security Project (OWASP) have carefully monitored the state of web …
Application vulnerabilities still a top security concern
Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ …
The importance of secure coding
Jim Manico is the VP of Security Architecture for WhiteHat Security. In this video recorded at Hack In The Box 2013 Amsterdam, Manico illustrates the importance of secure …
Majority of web apps vulnerable to most frequent exploits
84 percent of web applications from public companies were deemed unacceptable when measured against the OWASP Top 10 most frequently exploited web application vulnerabilities, …
Injection attacks tutorial
This episode of the OWASP appsec tutorial series describes the #1 attack on the OWASP top 10 – injection attacks. The video illustrates SQL injection, discusses other …
Breaking web browsers
In the video below, Jeremiah Grossman, the founder and CTO of WhiteHat Security, talks about breaking web security. The video was recorded at the OWASP AppSec USA 2010 conference.
