TesterCity

A place where software quality lives

OWASP Top 10 2017 RC2 Final has been published

A second release candidate for the list of Most Critical types of vulnerabilities/risks for Web Apps by version of OWASP, has been published recently on their GitHub space.

There was significant changes since the previous OWASP Top 10 2013 list: some threats are not so actual these days, but another ones arose (such as XML External Entity (XXE), Insecure Deserealization, and Insufficient Logging & Monitoring).

The RC2 has Final postfix in its name meaning the document is ready to review and investigation.

Read the rest of this entry »

OWASP Mobile Security Project and its defined Top 10 Mobile Risks

Let me introduce the OWASP (Open Web Application Security Project) — worldwide not-for-profit charitable organization focused on improving the security of software.

These guys are investigating the quality of software, not only web- or mobile-apps, and their site contain tonns of useful info for everyone interested in security testing.

Today I would like to tell about one of their projects — OWASP Mobile Security Project.
As it coming from the name of project — it’s about security of mobile OS (like Android or iOS), applications and devices itself.

OWASP had defined  Top 10 Mobile Risks that applicable to any mobile platform:

Mobile_Top_10_2014_570

They’ve also provided comprehensive description per each risk, so if you’re curious about what they mean, click on the image above or per links below:

Also, a full Risks description, including examples of vulnerable code, available at this presentation: Owasp_top_10_mobile_risks.pdf

In addition, OWASP maintains and distributes a check list to go through the system under test, it can be used in the work: OWASP Mobile App Checklist v1.0.pdf

 

AppSecUSA 2015: On demand videos

Hi! Here is recordings from AppSecUSA 2015 in San Francisco. Watch these videos in order to learn what is on cutting edge of the Security testing.
I would especially note on exciting Keynote by Alex Stamos, who is currently Chief Security Officer on Facebook: «The Moral Imperatives and Challenges for Modern Application Security».