by Richard Barrus | Mar 19, 2021 | IoT Security
Reading Time: 2 minutes
If you’re involved with cybersecurity, you’re probably aware of the OWASP Foundation, a leading global authority on application security. OWASP is famous for its Top 10 and Application Security Verification Standard (ASVS)...
by Richard Barrus | Mar 17, 2021 | IoT Security
Reading Time: 2 minutes
If you’re charged with testing Internet of Things (IoT) devices or systems, we feel your pain. As the IoT explodes in diversity and complexity, IoT solutions often evolve into multi-component ecosystems with webs of potential...
by Richard Barrus | Feb 12, 2019 | InfoSec Strategies
Reading Time: 5 minutes
In recent web application assessments, I’ve found a number of client applications that have cross-origin resource sharing (CORS) vulnerabilities—which I flagged as Critical because they left the application wide open to a range of...
by Richard Barrus | Sep 10, 2018 | InfoSec Strategies
Reading Time: 2 minutes
A recent security flaw in a financial technology application was discovered by a security researcher. The flaw illustrates a significant benefit of using the OWASP ASVS over the OWASP Top 10 list when verifying an application’s...
by Richard Barrus | Apr 3, 2018 | InfoSec Strategies
Reading Time: 3 minutes
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI), are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an...