by Bhaumik Shah | Sep 10, 2018 | InfoSec Strategies
A recent security flaw in a financial technology application was discovered by a security researcher. The flaw illustrates a significant benefit of using the OWAS ASVS over the OWASP Top 10 list when verifying an application’s information security. Here’s Why...
by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an attacker to submit input to the...
by Taylor Smith | Apr 27, 2017 | InfoSec Strategies
Editor’s Note: This post was originally published in April 2015 and has been updated for accuracy and comprehensiveness. “Web cookies.” We see this term thrown around online quite a bit, whether it be in dialogue boxes requesting permission to use them, or site...
by Bhaumik Shah | Mar 14, 2017 | InfoSec Strategies
If you’re a web application developer or security professional, chances are you’ve heard at least a little about the OWASP Application Security Verification Standard. Currently at version 3.0.1 and reflecting a wealth of industry feedback, this community-led project...
by Bhaumik Shah | Nov 24, 2015 | ISMS Consulting
The Web Application Attack and Audit Framework (w3af) is an open source framework for auditing and exploitation of web applications. For businesses whose IT budgets aren’t hefty enough to purchase proprietary, enterprise-class tools like IBM Security AppScan or Cenzic...
