by Bhaumik Shah | Feb 12, 2019 | InfoSec Strategies
Reading Time: 4 minutes
In recent web application assessments, I’ve found a number of client applications that have cross-origin resource sharing (CORS) vulnerabilities—which I flagged as Critical because they left the application wide open to a range of... by Bhaumik Shah | Sep 10, 2018 | InfoSec Strategies
Reading Time: 2 minutes
A recent security flaw in a financial technology application was discovered by a security researcher. The flaw illustrates a significant benefit of using the OWAS ASVS over the OWASP Top 10 list when verifying an application’s... by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
Reading Time: 3 minutes
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an... by Bhaumik Shah | Feb 13, 2018 | InfoSec Strategies
Reading Time: 3 minutes
Enabling users to upload images, videos, documents and all manner of files is essential for many web applications, from social networking sites to web forums to intranet collaboration portals to document repositories to blog sites.... by Bhaumik Shah | Jan 19, 2018 | ISO 27001 Certification
Reading Time: 3 minutes
The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that architects, developers, testers, security professionals, and even consumers can use to define what constitutes a...
