by Bhaumik Shah | Sep 10, 2018 | InfoSec Strategies
Reading Time: 2 minutes
A recent security flaw in a financial technology application was discovered by a security researcher. The flaw illustrates a significant benefit of using the OWASP ASVS over the OWASP Top 10 list when verifying an application’s...
by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
Reading Time: 3 minutes
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI), are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an...
by Taylor Smith | Apr 27, 2017 | InfoSec Strategies
Reading Time: 4 minutes
Editor’s Note: This post was originally published in April 2015 and has been updated for accuracy and comprehensiveness. “Web cookies.” We see this term thrown around online quite a bit, whether it be in dialogue boxes...
by Bhaumik Shah | Mar 14, 2017 | InfoSec Strategies
Reading Time: 2 minutes
If you’re a web application developer or security professional, chances are you’ve heard at least a little about the OWASP Application Security Verification Standard. Currently at version 4.0.1 and reflecting a wealth of industry...
by Bhaumik Shah | Nov 24, 2015 | ISMS Consulting
Reading Time: 5 minutes
The Web Application Attack and Audit Framework (w3af) is an open source framework for auditing and exploitation of web applications. For businesses whose IT budgets aren’t hefty enough to purchase proprietary, enterprise-class tools...