Discovering vulnerabilities is important, but being able to estimate the associated risk to the business is just as important. Early in the life cycle, one may ...
What best practices should I remember while designing login pages? From login pages, users should be sent to a page for authentication. Once ...
Injection is an attacker's attempt to send data to an application in a way that will change the meaning of commands being sent to an interpreter. For example, ...
An injection flaw is a vulnerability which allows an attacker to relay malicious code through an application to another system. This can include compromising ...
Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such ...
According to a daily blog article by Jordan Wiens, “No cookie for you!”, HttpOnly cookies were first implemented in 2002 by Microsoft Internet Explorer ...
In the interest of ensuring that there will be a future for hackers, criminals, and others who want to destroy the digital future, this paper captures tips ...
Since ORM architecture isn't obvious, this document will explain some important things you need to know in order to analyze a Hibernate application in a ...
Fuzz testing, or fuzzing, is a black-box software testing technique that consists of finding implementation bugs using malformed/semi-malformed data ...
OWASP's mission is to help the world improve the security of its software. One of the best ways OWASP can do that is to help Open Source developers improve the ...
This attack technique consists of encoding user request parameters twice in hexadecimal format in order to bypass security controls or cause unexpected ...
Modern software is assembled using third-party and open source components, glued together in complex and unique ways, and integrated with original code to ...
Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. These checks are ...
CSRF abuses the trust relationship between browser and server. This means that anything that a server uses in order to establish trust with a browser (e.g., ...
Access Control, also known as Authorization — is mediating access to resources on the basis of identity and is generally policy-driven (although the policy may ...
Request validation is a feature in ASP.NET that examines HTTP requests and determines whether they contain potentially dangerous content. This check adds ...
The Follina vulnerability represents a significant risk within Microsoft Office products. It enables remote code execution (RCE) attacks, demanding immediate ...
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an ...
Referencing memory after it has been freed can cause a program to crash. The use of heap allocated memory after it has been freed or deleted leads to ...
The use of a hard-coded password increases the possibility of password guessing tremendously. Consequences: Authentication: If hard-coded passwords are ...