by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an attacker to submit input to the...
by Bhaumik Shah | Mar 27, 2018 | ISMS Consulting
The “OWASP Top 10” list of the most critical web application security risks is widely used as a basis for application security testing and as high-level guidance for assessing risks and prioritizing remediation of vulnerabilities. Recently, for the first time since...
by Bhaumik Shah | Feb 13, 2018 | InfoSec Strategies
Enabling users to upload images, videos, documents and all manner of files is essential for many web applications, from social networking sites to web forums to intranet collaboration portals to document repositories to blog sites. But allowing users to upload files...
by Bhaumik Shah | Jan 19, 2018 | ISO 27001 Certification
The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that architects, developers, testers, security professionals, and even consumers can use to define what constitutes a secure application. In this post,...
by Jeremy Sporn | Jan 9, 2018 | ISMS Consulting
The SaaS model depends on trust. As a SaaS provider, are potential customers confident they can trust you with their data? Despite massive and growing investments in cloud applications and services, a recent McAfee study on the state of cloud adoption and security...
