In 2017, OWASP added a new vulnerability to the Top 10 list: A8 Insecure Deserialization, in place of the previous #8 vulnerability, Cross-Site Request Forgery. According to OWASP, “Insecure deserialization often leads to remote code execution. Even...
What is Access Control? Access control (authorization) determines which users can interact with what systems and resources within your company. When access control is broken, users could send unauthorized requests to your applications. Unauthorized access to ...
Today’s security professionals face a relentless barrage of alerts, a widening cybersecurity skills gap, and the constant pressure to do more with less. Manually triaging alerts, investigating incidents, and coordinating responses across disparate secur...
C# OWASP Top 10: How to Discover Vulnerabilities in a C# Web Application In this article, you’ll learn the top 10 security issues in web applications, as defined by the Open Web Application Security Project (OWASP Top 10 – 2017). For each issue, you...
Many applications provide a services layer (to other applications, to a presentation layer, etc.). Or, they consume services exposed by third-parties (not necessarily trusted). A REST model is a simple, widely-used way for designing such service layers. This ...
Legacy “business-oriented” languages present unique challenges for software security. Unfortunately, there is a lack of awareness about the security risks of these languages. In this post, we will focus on the security vulnerabilities inherent in busin...
As new technologies and big data deliver previously unimagined connections and conveniences, the shadow side of cyber threats is also growing. Cybercriminals can scale to unprecedented levels using artificial intelligence (AI) and launch sophisticated attacks...
Common Weakness Enumeration (CWE) is a software and hardware weaknesses classification system. It’s an extension of the Common Vulnerabilities and Exposures (CVE) list compiled by MITRE. This federally funded, non-profit organization manages research and deve...
As the cybersecurity landscape becomes increasingly complex, it’s essential for organizations to stay informed about the tactics most likely to be used against them. In 2023, SQL injection attacks accounted for 23% of all critical web application vulner...
Source code vulnerabilities are one of the central openings that allow threat actors to carry out their cyberattacks. From code injection to denial of service (DOS) attacks, hackers can exploit these vulnerabilities to access users’ information. They ma...
Cybercrime is an ever-evolving world of constant change as cybercriminals continue to develop increasingly dangerous and sophisticated attacks. In particular, data breaches plagued dozens of well-known organizations around the world in 2018, with the single l...
Improving the security of your application development lifecycle provides users with a better experience while preventing data breaches, and it starts with security testing. The last thing any company wants is to get that dreaded warning that someone’s ...
