What Top Web Attacks Can We Expect in the New OWASP Top 10?

The latest edition of the Open Web Application Security Project Top Ten was released in 2017, four years after the previous one. Therefore, we can expect that the new version of this cybersecurity report will be out sometime next year. Let us have a look...
SAST Teaches How to Go Around Problems, Not Fix Them

Opinion: SAST tools have one advantage – they point the developer to the root cause of the problem. However, this is also a major disadvantage. They don’t teach the developer about the consequences. They don’t teach the developer how to avoid making mistakes. As a...
What Is Forced Browsing

Forced browsing, also called forceful browsing, is an attack technique against poorly protected websites and web applications that lets the attacker reach resources they should not be able to access. Such resources may contain sensitive information. Forced browsing is a common web application...
What Are Open Redirects?

Open redirect is a type of web application security issue that allows attackers to use your business reputation to make phishing attacks more effective. If you allow open redirects, an attacker can send a phishing email that contains a link with your domain name and...
The Importance of Validating Fixes – Lessons from Google

Zohar Shachar, an Israeli security researcher, recently revealed the details of a bounty that he received approximately a year ago from Google. The security issue that he found was an advanced cross-site scripting (XSS) vulnerability in Google Maps. There was one detail about this case...
How Well Are Enterprises Handling Web Application Security?

Enterprises are continuously battling criminals on many fronts. It’s an all-out war against enemies that are well-hidden and remain unpredictable. And the stakes are high – an effective, multi-stage attack can cripple the business or even lead to its complete downfall. Fortunately, most enterprises now...
Security Misconfigurations and Their Consequences for Web Security

The term security misconfiguration is very generic and applies to any security issue that is not a result of a programming error but a result of a configuration error. Security misconfigurations have been defined as a separate category in the 2017 OWASP Top-10 list (category...
The Heartbleed Bug – Old Bugs Die Hard

You would think that after several years, a well-known security vulnerability should no longer be found in production systems. It may, therefore, come as a surprise that famous Internet security issues such as the Heartbleed vulnerability linger on for many years after they have been...
Access-Control-Allow-Origin Response Header Explained (CORS) - HTTP/Web Tutorial

Cross-Origin Resource Sharing (CORS) and the Access-Control-Allow-Origin Header

Modern browsers use the Same-Origin Policy (SOP) by default, which means that fetching resources from other origins is not allowed. However, in some situations, such operations are necessary. Cross-Origin Resource Sharing (CORS) was designed to address such situations using HTTP response headers, which include Access-Control-Allow-Origin....
Agile and Secure SDLC – Best Practices

Agile development processes help businesses release software much faster than would be possible with classic design and development cycles such as those based on the waterfall model. Most web applications require an agile methodology because they need to be updated very often and...