5 open-source vulnerability assessment tools to try out

A vulnerability assessment is a methodical examination of network infrastructure, computer systems, and software with the goal of identifying and addressing known security flaws. Once the vulnerabilities are pinpointed, they are classified based on how…

Interpreting OWASP prohibition: no sensitive-account login to any frontend interface

OWASP’s Authentication Cheat Sheet states unequivocally:

Do NOT allow login with sensitive accounts (i.e. accounts that can be used internally within the solution such as to a back-end / middle-ware / DB) to any front-end user-interface.

Black Hat USA 2022 video walkthrough

In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal Security, Adaptive Shield, Airgap, Akamai, Anomali, Arctic Wolf Networks, Aris…

API security warrants its own specific solution

Application programming interfaces (APIs) enable developers to quickly and easily roll out services, but they are equally attractive to attackers, because they can provide ready access to back-end systems and sensitive data sets. What makes …

Normative reference for a web application disclosing existing values of integration secrets to users

In a web-based SaaS product, one of the configuration pages allows users to set credentials for system-wide integrations with other products. These include usernames, passwords, and API secrets.
The sensitive fields are set as type="p…

Are there any defined approaches to identify security requirements of a system? [closed]

Are there any defined approaches that help you identify security requirements given that you have a specific description of a system design? After a little research, I found OWASP Application Security Verification Standard. I am sure that t…

GoTestWAF: Open-source project for evaluating web application security solutions

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was designed to evaluate web application security solutions, such as API security proxi…