Local File Inclusion - aka LFI - is one of the most common Web Application vulnerabilities. If conducted successfully, It might allow attackers to read sensitive information, access configuration files or even execute system commands remotely.
Cross Site Scripting, or XSS, is one of the most common type of vulnerabilities in web applications. Discover how to avoid Cross-Site Scripting attacks.
In the digital age, web application penetration testing is one of the most critical elements of an organization’s vulnerability management program. In this blog post we will explain the role of penetration testing plays in protecting your organization against web-related exploitations
In this final blog entry covering OWASP we will address the three new entries, what they mean for organizations and the steps they should take to mitigate the risks they pose.
Srinivasan Jayaraman, Vulnerability Research Manager
CPU bugs Meltdown and Spectre were discovered earlier this week which could allow hackers to read sensitive information stored in a system's memory. Find out what they are and what can be done about these widespread vulnerabilities
The second part of the OWASP Top 10 2013/17 comparison list with tips and advice to remediate vulnerabilities such as sensitive data exposure, broken access controls, security misconfigurations and cross site scripting (XSS).
In December 2017 several security researchers discovered that an old vulnerability – namely the Bleichenbachers Oracle Threat had resurfaced after first being discovered 19 years ago in 1989. This recurring vulnerability, now called ROBOT, affects the TLS (Transport Layer Protocol) in a way that could lead to the disclosure of private information caused by discrepancies between valid and invalid PKCS#1 padding.
After analysing data from over 40 application security vendors, 100’s of individuals and 10,000’s of real world applications and API’s – OWASP released the new OWASP top 10 for 2017, the first major update since 2013. Four years later, what have changed?
