The OWASP Winter Code Sprint (OWCS)
The OWASP Winter Code Sprint (OWCS) is a program to involve students with Security projects. By participating in OWCS a student can get real life experience while contributing to an open source ...
Rx iT World Hacking Tutorial
OWASP Security Knowledge framework
The OWASP Code Sprint 2017 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Code Sprint 2017 a student can get real life ...
While the ISACA COBIT
As an abstract category of concepts, it can be difficult to grasp where controls fit into the collection of policies, procedures, and standards that create the structures of governance, management, ...
Static Code Analysis (also known as Source Code Analysis)
Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as white-box testing) and is carried out at the Implementation phase of a Security ...
Session Fixation Protection
Some platforms make it easy to protect against Session Fixation, while others make it a lot more difficult. In most cases, simply discarding any existing session is sufficient to force the framework ...
Secure Cookie Attribute
The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies ...
How to prevent SIM swap fraud?
SIM swapping, also known as SIM jacking or SIM hijacking, represents a method of identity theft in which a perpetrator illicitly acquires possession of your mobile phone number by reassigning it to a ...
Intrusion Detection
The line between Intrusion Detection and Intrusion Prevention Systems (IDS and IPS respectively) has become increasingly blurred. However, these two controls are distinguished primarily by how they ...
Detect Profiling Phase
The ideas proposed into this page can seems to be uncommon, aggressive or a little bit crazy in corporate environment (like a web banking) but the initial page author is personally convinced that if ...
CSP stands for Content Security Policy.
CSP stands for Content Security Policy. Is a W3C specification offering the possibility to instruct the client browser from which location and/or which type of resources are allowed to be loaded. To ...
Changing A User’s Registered Email Address
In many systems, a User's email address is used for identity. The process below is the recommended method to implement in a system to handle the situation when a User would like to change that ...
Certificate and Public Key Pinning
Certificate and Public Key Pinning is a technical guide to implementing certificate and public key pinning as discussed at the Virginia chapter's presentation Securing Wireless Channels in the Mobile ...
Bytecode Obfuscation – How to recover Source Code from Bytecode?
Java source code is typically compiled into Java bytecode -- the instruction set of the Java virtual machine. The compiled Java bytecode can be easily reversed engineered back into source code by a ...
Blocking Brute Force Attacks
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible ...
Web Service Amplification Attack
Currently, DNS servers are widely misused to amplify DoS traffic. This is called a DNS Amplification or Reflective attack. It appears that SOAP webservices that implement WS-Addressing might be ...
Cross Site Request Forgery (CSRF)
" tabindex="0" role="button" style="box-sizing: border-box; position: relative; display: flex !important; padding: 0px !important; font-size: 14px; font-weight: var(--base-text-weight-medium, 500); ...
Xss_in_subtitle Attacks
It is possible for an attacker to execute JavaScript in a video's subtitle. This is also referred to as XSS (Cross-Site Scripting). If a website loads subtitle separately in the browser then an ...
XSS in Converting File Content to Text
Attackers may be able to execute JavaScript during the conversion of the content of a file to text, which is commonly known as Cross-Site Scripting (XSS). If an image containing XSS payload is ...
XPATH Injection
Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending intentionally malformed information into ...
Windows – DATA Alternate Data Stream
The NTFS file system includes support for alternate data streams. This is not a well known feature and was included, primarily, to provide compatibility with files in the Macintosh file system. ...
