How to interpret "Verify the use of a secure software development lifecycle that addresses security in all stages of development"?

I’ve been looking at OWASP Application Security Verification Standard 4.0.2 for a while now, and I’m trying to understand all the checkpoints in detail.
I am not sure what exactly the author of a particular point meant. Therefore, I have a…

Defining Application Security

If you’re new to Application Security, you may be confused by the different terminology and where exactly Application Security fits relative to all the different phases of application development and during runtime of applications.

7 Capabilities Every Web Application Firewall Should Provide

Here are 7 characteristics to look for when evaluating a WAF.
The post 7 Capabilities Every Web Application Firewall Should Provide appeared first on Radware Blog.

Satisfaction With WAFs at Only 40 Percent

A Ponemon study released in 2019 showed that satisfaction with WAFs (Web Application Firewalls) is at 40 percent, and effectiveness of WAFs rated at only 43 percent.
The post Satisfaction With WAFs at Only 40 Percent appeared first on K2io.

What is the correlation between SpiderLabs/owasp-modsecurity-crs and coreruleset/coreruleset w/r/t Docker images

We’ve been using the SpiderLabs/owasp-modsecurity-crs v3.1 image from Docker Hub for some time now. I went to upgrade to a later version and ran into some confusion about a) who/what is the active maintainer for this project b) how are dock…

35% of External Attacks Occur Through a Web Application

Back in June of 2020 we wrote about Forrester’s new 2020 State of Application Security report. Back then we focused on the finding that application vulnerabilities were the weakest link in application security. In this post, we’ll talk about the find…

OWASP API Security Top 10: A Framework for Improving Your API Security Efforts

During a recent API Security conversation with a customer, I asked if they had seen the OWASP API Security Top 10 list. They had not heard about it yet, a response that is consistent with other customers as well as from industry analysts including Gart…

Fourth Record Year in a Row for Vulnerabilities

On December 15, 2020, we hit another milestone: the number of vulnerabilities recorded in the US CERT Vulnerability Database (so far in 2020) exceeded the total count for 2019, marking a fourth record year of vulnerabilities discovered in produ…