Tag Archives: OWASP

[Recommended Reading] OWASP Application Security Verification Standard Project

Source: OWASP Application Security Verification Standard Project

“The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.

The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:

  • Use as a metric – Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications
  • Use as guidance – Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
  • Use during procurement – Provide a basis for specifying application security verification requirements in contracts.

Read more…

Image source.

Advertisements

Leave a comment

Filed under InfoSec, Recommendations, WorldOfSecDevOps

[Recommended Reading] XML external entity attack

Source: XML external entity attack Wikipedia

“An XML External Entity (XXE) attack is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network. Read more…

Image source.

Leave a comment

Filed under General, InfoSec, Recommendations, WorldOfSecDevOps

OWASP Bucharest AppSec Conference 2017

Source: OWASP Bucharest AppSec Conference 2017

OWASP Bucharest team is happy to announce the OWASP Bucharest AppSec Conference 2017 a three days Security and Hacking Conference with additional training days dedicated to the application security. It will take place 11th through 13th of October, 2017 – Bucharest, Romania. With 11th and 12th  being training only days, 13th of October is the day of the conference!
The stated objective of the OWASP’s Bucharest AppSec Conference is to “raise awareness about application security and to bring high-quality security content provided by renowned professionals in the European region.”

Registration is free and all materials are available under a free and open software license.

Who Should Attend?

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals interested in improving IT Security
  • Anyone interested in learning about or promoting Web Application Security

Further information about the talks is available here. Registration is FREE so you just need to book your seat using this link, print your ticket and present it at the entrance.

Check out the training opportunities here and be advised as the number of available seats is limited!

Spoilers: Adobe Romania’s , Cristian OPINCARU will be delivering an awesome talk on “Protecting against credential stuffing attacks” and Cristina NICA, Andreea CUTLACAI & Daniela ENE organized a very interesting panel discussion on Women in AppSec!

 

Leave a comment

Filed under Conference, Events, General, InfoSec, Recommendations, Training

[Recommended Video] Women in Security panel @ OWASP AppSec 2016

Source: OWASP YouTube Channel

Image source.

Leave a comment

Filed under Conference, General, InfoSec, Recommendations, Talks

[Recommended] OWASP TOP 10

Source: OWASP TOP TEN PROJECT

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

Leave a comment

Filed under General, Recommendations, Uncategorized