by Jeremy Sporn | Sep 6, 2019 | Penetration Testing
Reading Time: 2 minutes
If you’re involved in web application security, you’ve probably heard of the Open Web Application Security Project (OWASP) and its popular Top 10 list of vulnerabilities. But you may not be as familiar with a parallel effort that in... by Jeremy Sporn | Jun 3, 2019 | Business Continuity Management, Disaster Recovery, InfoSec Risk Assessment, InfoSec Strategies, ISMS Consulting, ISO 22301
Reading Time: 4 minutes
The SaaS model depends on trust. As a SaaS provider, are potential customers confident they can trust you with their data? Despite massive and growing investments in cloud applications and services, a McAfee study on the state of... by Bhaumik Shah | Sep 10, 2018 | InfoSec Strategies
Reading Time: 2 minutes
A recent security flaw in a financial technology application was discovered by a security researcher. The flaw illustrates a significant benefit of using the OWAS ASVS over the OWASP Top 10 list when verifying an application’s... by Jeremy Sporn | May 29, 2018 | ISMS Consulting
Reading Time: < 1 minuteMany teams and organizations rely on the OWASP Top 10 list of the most critical web application security vulnerabilities as a basis for their application security testing, and as high-level guidance for assessing risks and prioritizing... by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
Reading Time: 3 minutes
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an...
