Why XSS is still an XXL issue in 2021
Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a …
ShiftLeft allows users to validate the accuracy of ShiftLeft CORE using OWASP Benchmark
ShiftLeft has released a tool enabling businesses to independently benchmark and validate the accuracy of ShiftLeft CORE using the Open Web Application Security Project …
Most mobile finance apps vulnerable to data breaches
77% of financial apps have at least one serious vulnerability that could lead to a data breach, an Intertrust report reveals. This report comes at a time where finance mobile …
A leadership guide for mitigating security risks with low code platforms
The low code market continues to grow, increasingly finding adoption for more diverse and serious applications among enterprises and independent software vendors (ISVs). The …
Wind River’s enhancements deliver cybersecurity and anti-tamper protection
Wind River announced security enhancements to Wind River Studio, a cloud-native platform for the development, deployment, operations, and servicing of mission-critical …
Cequence Security API Sentinel 2.0 helps orgs strengthen their runtime API protections
Cequence Security announced the release of API Sentinel 2.0, adding powerful features that will help organizations strengthen their runtime API protections by “shielding …
OWASP SAMM version 2: Analyze and improve organizational security posture
The OWASP SAMM (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies …
Security pitfalls to avoid when programming using an API
OWASP’s API Security Project has released the first edition of its top 10 list of API security risks. The most common and perilous API security risks API abuse is an …
How to securely deploy medical devices within a healthcare facility
The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical …
OWASP set to address API security risks
OWASP has started a new project and is set to publish a new guide on security risks. The issue they aim to tackle this time is API security. The new OWASP API Security Project …
How to automate a custom password dictionary for your pen test
When doing penetration testing, security professionals regularly have to deal with words that are specific to the task at hand, and many are not found in common wordlists. …
Verify your software for security bugs
Verification is an important phase of developing secure software that is not always addressed in depth that includes dynamic analysis and fuzzing testing. This step allows …
