
November 15, 2009 | Posted by admin
OWASP has released a Release Candidate of a new version of the OWASP Top 10, just in time for 2010. A copy of this can be found here. OWASP periodically releases a Top 10 list of the ten most critical web application security risks. There were two new entries:
- Security Misconfiguration was added at #6
- Unvalidated Redirects and Forwards at #8
Removed were:
- Malicious File Execution – Still a problem but appears to be under control more than the other 10.
- Information Leakage and Improper Error Handling – Also appears to be under some control compared to the rest of the top 10.
NOTE: Just because Malicious File Execution and Information Leakage and Improper Error Handling have been removed from the Top 10 does not mean that they are not important to take care of. It just means they are better understood now and happen much less than they did in 2007.
For more information on the OWASP Top 10, visit OWASP at http://www.owasp.org.
Categories: Application Security, OWASP

November 15, 2009 | Posted by admin
When I first started looking into security within web applications years ago, there really was no resource that you could take advantage of. This has now changed with OWASP. Their mission is to make application security visible, so that people can make informed decisions. OWASP is a 501(c)(3) organization using mostly volunteers. They have over 130 local chapters worldwide that hold meetings to discuss application security; some chapters hold conferences as well. They have over 100 projects in many stages, all carrying the goal of improving application security. OWASP also creates a large number of tools and guides to encourage building applications more securely. The OWASP Development Guide and the OWASP Top Ten are essential reading for developers. Other projects such as OWASP’s Enterprise Security API (ESAPI) and WebGoat are also essential tools in web security. I will be posting articles that talk about each of their projects over the next few months. I encourage you to check out your local OWASP Chapter.
Categories: Application Security, OWASP

September 27, 2009 | Posted by admin
Welcome to GlennLeifheit.com. I will be posting information and discussions on information security, software security, and other miscellaneous technology topics. Enjoy!
Categories: Uncategorized