The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, their goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.The project recently published the OWASP [...]
Breaches happen every day. Is your business prepared? This blog post is based on OWASP Top 10 Guidance for Incident Response, and it will provide a proactive approach to incident response planning.A security incident is an identified occurrence or weakness indicating a possible breach of security policies or failure of safeguards, or a previously unknown [...]
Because the media mostly focus on bigger data breaches, small business owners may assume that hackers only pursue companies with huge amounts of data, and that their own company would be of little interest to hackers. In reality, this is simply not true. Small Businesses - An Interesting TargetSmall businesses store valuable data [...]
The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.A primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web [...]
This blog post is based on OWASP Transport Layer Protection Cheat Sheet, and it will provide simple rules to follow when implementing transport layer protection for an application.Although the concept of TLS is known to many, the actual details and security specific decisions of implementation are often poorly understood and frequently result in insecure [...]
As software developers author the code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques.All tiers of a web application, the user interface, the business logic, the controller, the database code and more – all need to be developed with security in mind. [...]
Cyber attacks are a risk for all businesses, regardless of size. Security testing will reveal if your company's security measures can withstand external threats, and whether they are adequate and functioning correctly.Effective network security testing simulates an attack from a malicious source, mapping the possibility of an attack and what consequences it can have [...]
Most software suppliers are highly skilled at what they do. Their developers are experts at building systems, and making things work. Hackers do however have a completely different mindset. Their focus are on how to break things, and on how to exploit functionality in systems. Because of this, software suppliers can benefit from conducting [...]
Cyber attacks are a risk for all businesses, regardless of size. A security test can reveal if your security measures can withstand external threats, and whether they are adequate and functioning correctly. Effective network security testing simulates an attack from a malicious source. Mapping the possibility of an attack and what consequences it can [...]
Exploit kits can download malicious code and malware on your computer automatically while you are surfing the Internet. In this blog post we will have a closer look at this devious form of attack. What are exploit kits?Exploit kits are tools that cyber criminals use to scan your system for vulnerabilities, exploit the [...]