OWASP – WindowsTechs.com

Dependency-Check: Open-source Software Composition Analysis (SCA) tool

Posted on March 19, 2025 by Help Net Security

Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a m… Continue reading Dependency-Check: Open-source Software Composition Analysis (SCA) tool→

Why are the unsafe challenges in OWASP Juice Shop a security risk in containerized environments? [duplicate]

Posted on January 18, 2025 by StckXchnge-nub12

OWASP Juice Shop is a popular tool for web security training, demos and learning. I am using the provided docker container and hosting it in a dedicated computer. However, there are certain challenges that are disabled in containerized env… Continue reading Why are the unsafe challenges in OWASP Juice Shop a security risk in containerized environments? [duplicate]→

OWASP dependency checker is not reporting vulnerabilities that VS.Net reports

Posted on January 13, 2025 by user39471

We are using OWASP dependency check on a Jenkins build server to check for vulnerabilities in .Net solutions. For this, we installed the OWASP Dependency-Check on Jenkins. These checks run overnight, so I am alerted on vulnerabilities disc… Continue reading OWASP dependency checker is not reporting vulnerabilities that VS.Net reports→

OWASP dependency checker is not reporting vulnerabilities that VS.Net reports

Posted on January 13, 2025 by user39471

Infosec products of the month: May 2024

Posted on June 3, 2024 by Help Net Security

Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Adaptive Shield, Appdome, AuditBoard, Calix, Cranium, CyberArk, Cybersixgill, Dashlane, Datadog, Detectify, Eclypsium, ExtraHop, FireMon, Fo… Continue reading Infosec products of the month: May 2024→

New infosec products of the week: May 17, 2024

Posted on May 17, 2024 by Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Calix, FireMon, ManageEngine, and OWASP Foundation. Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools Calix unveiled updat… Continue reading New infosec products of the week: May 17, 2024→

OWASP dep-scan: Open-source security and risk audit tool

Posted on May 16, 2024 by Mirko Zorz

OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, mak… Continue reading OWASP dep-scan: Open-source security and risk audit tool→

Are all stateless authentication systems vulnerable to IDOR?

Posted on May 6, 2024 by Rands

I have recently been introduced to the Insecure Direct Object Reference vulnerability (https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html) with the example of an attacker copying a k… Continue reading Are all stateless authentication systems vulnerable to IDOR?→

OWASP Data Breach Caused by Server Misconfiguration

Posted on April 2, 2024 by Ionut Arghire

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.
The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek.
Continue reading OWASP Data Breach Caused by Server Misconfiguration→

Double Submit Cookie Bypass

Posted on February 10, 2024 by Johnny

I am trying to work on an example for my class on how double submit cookie works and how attackers can bypass it
The idea i have is I have two domain att.com and victim.com. The login functionality on victim.com creates the session and als… Continue reading Double Submit Cookie Bypass→