The OWASP Winter Code Sprint (OWCS) is a program to involve students with Security projects. By participating in OWCS a student can get real life experience ...
The OWASP Code Sprint 2017 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Code Sprint ...
As an abstract category of concepts, it can be difficult to grasp where controls fit into the collection of policies, procedures, and standards that create the ...
Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as white-box testing) and is carried out at ...
Some platforms make it easy to protect against Session Fixation, while others make it a lot more difficult. In most cases, simply discarding any existing ...
The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the ...
SIM swapping, also known as SIM jacking or SIM hijacking, represents a method of identity theft in which a perpetrator illicitly acquires possession of your ...
The line between Intrusion Detection and Intrusion Prevention Systems (IDS and IPS respectively) has become increasingly blurred. However, these two controls ...
The ideas proposed on this page may seem uncommon, aggressive or a little bit crazy in a corporate environment (like web banking) but the initial page ...
CSP stands for Content Security Policy. It is a W3C specification offering the possibility to instruct the client browser from which location and/or which type ...
In many systems, a User's email address is used for identity. The process below is the recommended method to implement in a system to handle the situation when ...
Certificate and Public Key Pinning is a technical guide to implementing certificate and public key pinning as discussed at the Virginia ...
Java source code is typically compiled into Java bytecode -- the instruction set of the Java virtual machine. The compiled Java bytecode can be easily reversed ...
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by ...
Currently, DNS servers are widely misused to amplify DoS traffic. This is called a DNS Amplification or Reflective attack. It appears that SOAP webservices ...
It is possible for an attacker to execute JavaScript in a video's subtitle. This is also referred to as XSS (Cross-Site Scripting). If a website loads subtitle ...
Attackers may be able to execute JavaScript during the conversion of the content of a file to text, which is commonly known as Cross-Site Scripting (XSS). If ...
Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending ...
The NTFS file system includes support for alternate data streams. This is not a well-known feature and was included, primarily, to provide compatibility with ...