OWASP has recently published, on its GitHub space, a second release candidate of its list of the most critical types of vulnerabilities/risks for web apps.
There were significant changes since the previous OWASP Top 10 2013 list: some threats are no longer as relevant these days, while others have emerged (such as XML External Entity (XXE), Insecure Deserialization, and Insufficient Logging & Monitoring).
The RC2 has a "Final" postfix in its name, meaning the document is ready for review and investigation.
Let me introduce OWASP (the Open Web Application Security Project), a worldwide not-for-profit charitable organization focused on improving the security of software.
They investigate the quality of software, not only web or mobile apps, and their site contains tons of useful info for everyone interested in security testing.
Today I would like to talk about one of their projects: the OWASP Mobile Security Project. As the name of the project suggests, it is about the security of mobile operating systems (like Android or iOS), applications, and the devices themselves.
OWASP has defined the Top 10 Mobile Risks that are applicable to any mobile platform:
They’ve also provided a comprehensive description of each risk, so if you’re curious about what they mean, click on the image above or follow the links below:
Hi! Here are the recordings from AppSecUSA 2015 in San Francisco. Watch these videos to learn what is on the cutting edge of security testing.
I would especially note the exciting keynote by Alex Stamos, who is currently Chief Security Officer at Facebook: «The Moral Imperatives and Challenges for Modern Application Security».