Collaborate Disseminate
I want to integrate ModSecurity into the WAF to ensure I’m protected with OWASP Top 10 security mitigations. I’d appreciate your guidance if there are any specific configurations you recommend for enhanced security.
Continue reading How to include the coreruleset rules in OPNsense firewall WAF (Nginx)
I am working on a Web API that needs to call a 3rd party Web API to achieve some features. That 3rd party’s API’s design is sort of a "God API" such that it takes a generic object type to allow that single API to be used for MANY… Continue reading Insecure Deserialization in C# (.NET) using NewtonsoftJson
currently burp suite scanner found a vulnerability on the website with the following characteristics:
Issue: OS command injection
Severity: High
Confidence: Certain
Issue detail
The login parameter appears to be vulnerable to OS command… Continue reading Blind OS command injection with out-of-band data exfiltration
Say the URL of the site in
http://www.example.com
The affected URL is:
http://www.example.com/admin/doAdminStuffs_1.html
http://www.example.com/admin/doAdminStuffs_2.html
Say there are two types of users on the example website, "pro… Continue reading How to fix this broken access control issue in a web application?
I am trying to create a security checklist for developers/testers of web applications to make sure that the web app is compliant with all the security guidelines.
When looking at the different standards available, I found OWASP top 10, OWA… Continue reading Which standard can be used to seed security checklist for web application?
There is the OWASP Top 10 which is the most known one: https://owasp.org/www-project-top-ten/
And there is the OWASP Top 10 API: https://owasp.org/www-project-api-security/
Both lists are very similar, so I am confused why there are 2 list… Continue reading What is the difference between OWASP Top 10 and OWASP Top 10 API
Can someone please explain what is meant by the following analysis provided in the overview section of the OWASP Top 10 A03:2021 – Injection page:
Injection slides down to the third position. 94% of the applications
were tested for some f… Continue reading What does OWASP mean by max incidence and average incidence rate?
I am trying to understand what does SOP mean? If there are two sites such as example1.com and examole2.com what are the dangers can one of them cause to the other? Like stealing what, received what?! So SOP exists to prevent that catast… Continue reading Benefits of same origin policy
We are currently looking for a suitable training format to train our web developers in security related topics and secure coding. There are quite a few different providers and courses online. It is difficult to find out which one is the ri… Continue reading Recommended security training for Web Developers [closed]
I have an endpoint https://my-portal.nl and I wan’t to place a WAF with the OWASP Core rule set before it. So I found a Docker image(owasp/modsecurity-crs:apache) that can proxy all the requests to my endpoint (https://my-portal.nl). For s… Continue reading Can’t get docker image owasp/modsecurity-crs:apache reverse proxy to work