by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an attacker to submit input to the...
by Taylor Smith | Apr 27, 2017 | InfoSec Strategies
Editor’s Note: This post was originally published in April 2015 and has been updated for accuracy and comprehensiveness. “Web cookies.” We see this term thrown around online quite a bit, whether it be in dialogue boxes requesting permission to use them, or site...
by Bhaumik Shah | Mar 14, 2017 | InfoSec Strategies
If you’re a web application developer or security professional, chances are you’ve heard at least a little about the OWASP Application Security Verification Standard. Currently at version 3.0.1 and reflecting a wealth of industry feedback, this community-led project...
by Bhaumik Shah | Nov 24, 2015 | ISMS Consulting
The Web Application Attack and Audit Framework (w3af) is an open source framework for auditing and exploitation of web applications. For businesses whose IT budgets aren’t hefty enough to purchase proprietary, enterprise-class tools like IBM Security AppScan or Cenzic...
by Bhaumik Shah | May 21, 2015 | Security Awareness Training
Hackers are relentless in their targeted attacks on application-level security vulnerabilities. The way to mitigate these risks is to write more secure code. Cybercrime risk isn’t the only reason to focus on software security. It’s mandated as part of many information...
