Standard pseudo-random number generators cannot withstand cryptographic attacks. Insecure randomness errors occur when a function that can produce predictable ...
Improperly scrubbing sensitive data from memory can compromise security. Compiler optimization errors occur when: Secret data is stored in memory. ...
Injection problems span a wide range of instantiations. The basic form of this flaw involves the injection of control-plane data into the data-plane in order ...
Multiple validation forms with the same name indicate that validation logic is not up-to-date. If two validation forms have the same name, the Struts ...
Like most major vulnerabilities, this major vulnerability is well branded. It gets its name from the heartbeat function between client and server. According ...
Expression Language (EL) Injection happens when attacker-controlled data enters an EL interpreter. With EL implementations prior to 2.2, an attacker can recover ...
Double free errors occur when free() is called more than once with the same memory address as an argument. Calling free() twice on the same value can lead to ...
Data which is untrusted cannot be trusted to be well formed. Malformed data or unexpected data could be used to abuse application logic, deny service, or ...
The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with ...
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors ...
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory ...
Christopher Frenz is the AVP of Information Security for Interfaith Medical Center where he worked to develop the hospital's information security program and ...
OWASP BLT is a bug-hunting & logging tool which allows users and companies to hunt for bugs, claim bug bounties and also to start bug-hunting ...
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a ...
OWASP Honeypot is open source software written in Python, designed for creating honeypots and honeynets in an easy and secure way! This project is ...
The Google Summer of Code program (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants ...
We want to extend the functionality of SKF Bot. (Security Knowledge Framework Chatbot): Some improvements or the suggestions which we can do to improve the ...
This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html Their ...
] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe ...
Open source software is changing the world and creating the future. Want to help shape it? We’re looking for students to join us in making 2017 the best ...