by Bhaumik Shah | Sep 7, 2017 | InfoSec Strategies
Pivot Point Security will soon be among the first information security firms to begin using the OWASP Application Security Verification Standard (ASVS) across its application security testing practice. As I blogged about back in mid-August, this shift has...
by Bhaumik Shah | Aug 16, 2017 | InfoSec Strategies
As I blogged about back in March, Pivot Point Security will soon be using the OWASP ASVS (Application Security Verification Standard) across its application security testing practice. We are proud to be among the first information security firms to make the shift to...
by Bhaumik Shah | Mar 14, 2017 | InfoSec Strategies
If you’re a web application developer or security professional, chances are you’ve heard at least a little about the OWASP Application Security Verification Standard. Currently at version 3.0.1 and reflecting a wealth of industry feedback, this community-led project...
by Bhaumik Shah | Aug 20, 2015 | InfoSec Strategies
Clickjacking, also sometimes called a UI redress attack, deceives website visitors and directs their clicks to the attacker’s choice of elements on another website. I find this longstanding vulnerability in almost every web application I test. (I even found it...
by Robert Gorski | Nov 25, 2014 | Penetration Testing
In our work with clients we sometimes encounter a misconception that performing an Application Vulnerability Assessment and/or a Penetration Test amounts to an assessment of a web application’s vulnerability to the OWASP Top 10 security flaws. This has never been the...
