OWASP Top 10 2017 RC2 Final has been published

A second release candidate of the OWASP Top 10, the list of the most critical web application security risks, was recently published in the project's GitHub repository.

There are significant changes since the previous OWASP Top 10 2013 list: some risks are less relevant today, while new ones have entered the list, such as XML External Entities (XXE), Insecure Deserialization, and Insufficient Logging & Monitoring.
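Insecure Deserialization is the one newcomer that is easiest to show in a few lines, so here is an added example (my own, not code from the OWASP document): a serialized object whose loader runs attacker-chosen code, next to a restricted loader that refuses it. Python's pickle is used because it is the stock deserialization API; the `attacker_callback` function is a constructed, harmless stand-in for the `os.system` call a real payload would name, and the `SAFE_GLOBALS` allow-list is an assumed application policy.

```python
"""Insecure deserialization with pickle, and a restricted loader that refuses it.

Added example, not from the OWASP Top 10 document. The pickle format can name
any importable callable plus arguments; pickle.loads calls it while rebuilding
the object, so deserializing untrusted bytes is remote code execution.
"""
import builtins
import io
import pickle

# Records whether attacker-chosen code ran during unpickling. A real payload
# would call os.system or subprocess.Popen; this constructed stand-in keeps
# the example harmless to run.
EXECUTED = []


def attacker_callback(arg):
    """Stand-in for the command the attacker wants executed on the server."""
    EXECUTED.append(arg)
    return arg


class Exploit:
    """Object whose pickled form tells the loader to call attacker_callback."""

    def __reduce__(self):
        # pickle stores (callable, args); the loader executes callable(*args).
        return (attacker_callback, ("payload ran",))


def build_malicious_payload() -> bytes:
    """Constructed sample of what an attacker would put in a cookie or form field."""
    return pickle.dumps(Exploit())


def insecure_load(data: bytes):
    """The vulnerable pattern: pickle.loads directly on untrusted input."""
    return pickle.loads(data)


# Assumed application policy: the only globals legitimate data ever references.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "tuple"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: refuse to resolve any global not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_load(data: bytes):
    """Deserialize with the allow-list enforced; raises UnpicklingError on attack."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_benign():
    """Plain data still loads under the restricted loader."""
    record = {"user": "alice", "roles": ["viewer"]}
    return restricted_load(pickle.dumps(record))


def demo():
    """Returns (code ran under insecure load, restricted load refused, nothing ran)."""
    EXECUTED.clear()
    payload = build_malicious_payload()
    insecure_load(payload)
    ran_insecure = EXECUTED == ["payload ran"]
    EXECUTED.clear()
    try:
        restricted_load(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return ran_insecure, blocked, EXECUTED == []


if __name__ == "__main__":
    print(demo())  # (True, True, True)
    print(roundtrip_benign())
```

The allow-list approach is what the Python documentation recommends when a native format cannot be avoided; the better fix, and the one the OWASP category points at, is to accept only a data-only format such as JSON from untrusted sources and to sign anything that must round-trip through the client.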

RC2 carries the "Final" suffix in its name, meaning the document is ready for review and comment.

OWASP Mobile Security Project and its defined Top 10 Mobile Risks

Let me introduce OWASP (the Open Web Application Security Project), a worldwide not-for-profit charitable organization focused on improving the security of software.

They study software security in general, not only web or mobile apps, and their site contains tons of useful material for anyone interested in security testing.

Today I would like to describe one of their projects, the OWASP Mobile Security Project.
As the name suggests, it covers the security of mobile operating systems (such as Android and iOS), mobile applications, and the devices themselves.

OWASP has defined a Top 10 Mobile Risks list that applies to any mobile platform:


They have also provided a comprehensive description of each risk; if you want to know what each one means, follow the image above or the links below:

A full description of the risks, including examples of vulnerable code, is also available in this presentation: Owasp_top_10_mobile_risks.pdf

In addition, OWASP maintains and distributes a checklist to work through against the system under test; it can be used directly in assessments: OWASP Mobile App Checklist v1.0.pdf


AppSecUSA 2015: On demand videos

Hi! Here are the recordings from AppSecUSA 2015 in San Francisco. Watch these videos to learn what is at the cutting edge of security testing.
I would especially point out the exciting keynote by Alex Stamos, currently Chief Security Officer at Facebook: «The Moral Imperatives and Challenges for Modern Application Security».