by Richard Barrus | Sep 10, 2018 | InfoSec Strategies
Reading Time: 2 minutes
A recent security flaw in a financial technology application was discovered by a security researcher. The flaw illustrates a significant benefit of using the OWAS ASVS over the OWASP Top 10 list when verifying an application’s...
by Richard Barrus | Apr 3, 2018 | InfoSec Strategies
Reading Time: 3 minutes
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an...
by Taylor Smith | Apr 27, 2017 | InfoSec Strategies
Reading Time: 4 minutes
Editor’s Note: This post was originally published in April 2015 and has been updated for accuracy and comprehensiveness. “Web cookies.” We see this term thrown around online quite a bit, whether it be in dialogue boxes...
by Richard Barrus | Mar 14, 2017 | InfoSec Strategies
Reading Time: 2 minutes
If you’re a web application developer or security professional, chances are you’ve heard at least a little about the OWASP Application Security Verification Standard. Currently at version 4.0.1 and reflecting a wealth of industry...
by Richard Barrus | Nov 24, 2015 | ISMS Consulting
Reading Time: 5 minutes
The Web Application Attack and Audit Framework (w3af) is an open source framework for auditing and exploitation of web applications. For businesses whose IT budgets aren’t hefty enough to purchase proprietary, enterprise-class tools...
