How should I interpret "access controls on the presentation layer are enforced on the server side"?

This question is with reference to the OWASP standard (Access control rules on the presentation layer are enforced on the server side – OWASP ASVS 3.0 – 4.9)

I’m trying to deeply understand what it means so that I can communicate it to a …
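The point of ASVS 3.0 requirement 4.9 is that hiding a link or button in the UI is not an access control: any client can send the request the UI would have generated. The following is an added illustration, not code from the question above or from ASVS. It uses a toy in-memory request dispatcher; the `Request`/`Response` types, the `/admin/delete-user` URL, the role names and the sample accounts are all constructed for the example.

```python
"""
Added example: a UI that hides an admin link, beside a handler that trusts
that hiding (vulnerable) and one that enforces the same rule server-side.
Everything here is constructed for illustration; it is not ASVS code.
"""
from dataclasses import dataclass


@dataclass
class Request:
    user: str           # authenticated identity, established by the session layer
    path: str           # URL the client actually sent, whatever the UI showed
    method: str = "GET"


@dataclass
class Response:
    status: int
    body: str = ""


# Constructed sample accounts: identity -> role, looked up on the server.
SAMPLE_USERS = {"alice": "admin", "bob": "user", "carol": "user"}


def render_nav(role: str) -> str:
    """Presentation layer: the admin link is rendered only for admins."""
    links = ['<a href="/home">Home</a>']
    if role == "admin":
        links.append('<a href="/admin/delete-user?name=carol">Delete user</a>')
    return "\n".join(links)


def target_from_path(path: str) -> str:
    """Extract the ?name= parameter from the toy URL format."""
    return path.split("name=", 1)[1]


def delete_user_vulnerable(req: Request, users: dict) -> Response:
    """VULNERABLE: no authorization check. The only 'control' is that
    non-admins never saw the link, which a crafted request ignores."""
    name = target_from_path(req.path)
    if name not in users:
        return Response(404, "no such user")
    del users[name]
    return Response(200, f"deleted {name}")


def delete_user_enforced(req: Request, users: dict) -> Response:
    """What 4.9 asks for: the rule that hid the link is re-evaluated here,
    from the role the server looks up, never from anything the client sent."""
    if users.get(req.user) != "admin":
        return Response(403, "forbidden")
    name = target_from_path(req.path)
    if name not in users:
        return Response(404, "no such user")
    del users[name]
    return Response(200, f"deleted {name}")


def forged_request_demo() -> dict:
    """bob's UI has no 'Delete user' link, but bob sends the URL anyway
    (e.g. with curl). Compare what each handler does with it."""
    forged = Request(user="bob", path="/admin/delete-user?name=carol")
    ui_hides_link = "Delete user" not in render_nav(SAMPLE_USERS["bob"])
    v_users, e_users = dict(SAMPLE_USERS), dict(SAMPLE_USERS)
    v = delete_user_vulnerable(forged, v_users)
    e = delete_user_enforced(forged, e_users)
    return {
        "ui_hides_link": ui_hides_link,
        "vulnerable_status": v.status,
        "vulnerable_carol_survives": "carol" in v_users,
        "enforced_status": e.status,
        "enforced_carol_survives": "carol" in e_users,
    }


if __name__ == "__main__":
    print(forged_request_demo())
```

The two handlers differ only in the role lookup at the top of `delete_user_enforced`; that lookup, repeated on every state-changing request, is what "enforced on the server side" means in practice. A practitioner verifying 4.9 replays the hidden UI action as a low-privilege user and expects a 403, not a 200.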

OWASP Application Security Verification Standard – Application Security Weekly #04

This week, Paul and Keith discuss the OWASP Application Security Verification Standard!

Full Show Notes
Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www…

Why does OWASP ASVS require HTTP responses to have a content header specifying a character set?

The OWASP Application Security Verification Standard (ASVS), Version 3, states in clause V11.2:

Verify that every HTTP response contains a content type header specifying a safe character set (e.g., UTF-8, ISO 8859-1).

W…
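The classic reason behind V11.2 is encoding sniffing: when a text response declares no charset, the client has to guess one, and older browsers that guessed UTF-7 would turn attacker-supplied ASCII that contains no `<` or `>` bytes into live markup after the server had dutifully HTML-escaped it. The following is an added illustration, not code from the question or from ASVS; the UTF-7 payload, the header values and the checker function names are constructed for the example.

```python
"""
Added example: (1) why a missing charset is dangerous, shown with a UTF-7
encoded payload that survives HTML escaping, and (2) a small checker for
the V11.2 property on a response's headers. Constructed for illustration.
"""
import html

# Constructed attacker input: "<script>alert(1)</script>" written in UTF-7.
# '+ADw-' is '<' and '+AD4-' is '>', so the string holds no '<' or '>' bytes.
UTF7_PAYLOAD = "+ADw-script+AD4-alert(1)+ADw-/script+AD4-"


def escape_then_decode_as(payload: str, charset: str) -> str:
    """The server escapes the input correctly; then interpret the resulting
    bytes the way a client that settled on `charset` would."""
    escaped = html.escape(payload)          # nothing to escape in UTF-7 text
    return escaped.encode("ascii").decode(charset)


def declared_charset(content_type: str):
    """Return the charset parameter of a Content-Type value (lowercased),
    or None when the header carries no charset at all."""
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "charset":
            return value.strip().strip('"').lower()
    return None


# The two charsets ASVS 3.0 V11.2 names as examples of safe ones.
SAFE_CHARSETS = {"utf-8", "iso-8859-1"}


def response_charset_ok(headers: dict) -> bool:
    """V11.2 as quoted above, applied literally: the response must carry a
    Content-Type header whose charset is on the safe list. Header names are
    matched case-insensitively, as HTTP requires."""
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), None
    )
    if content_type is None:
        return False
    return declared_charset(content_type) in SAFE_CHARSETS


def sniffing_demo() -> dict:
    """Same escaped bytes, two possible client interpretations."""
    return {
        "as_utf8": escape_then_decode_as(UTF7_PAYLOAD, "utf-8"),
        "as_utf7": escape_then_decode_as(UTF7_PAYLOAD, "utf-7"),
    }


if __name__ == "__main__":
    print(sniffing_demo())
    for ct in ("text/html; charset=UTF-8", "text/html", "text/html; charset=utf-7"):
        print(ct, "->", response_charset_ok({"Content-Type": ct}))
```

Under UTF-8 the escaped bytes are inert text; under UTF-7 the same bytes are a script tag. Declaring a safe charset removes the client's freedom to guess, which is the whole point of the requirement. In practice a verifier scopes the check to text and script/XML content types, since a charset parameter on binary bodies carries no meaning; the function above follows the clause as quoted.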