Today we will finish up ASVS section 5. Next week we will begin ASVS 6.x (Output Encoding/Escaping Requirements). This should be a pretty short post.
ASVS 5.6 Requirement:
Verify that a single input validation control is used by the application for each type of data that is accepted.
ASVS 5.6 Solution:
Watch out for data […]
We are finally starting a new OWASP Top 10 security risk today. The next few weeks (or possibly month) will cover XSS prevention techniques in PHP. This is probably a little more glamorous/sexy than authentication and session management. Controls to protect an application against XSS are primarily represented in the OWASP ASVS sections 5 and […]
We are finishing up OWASP A3 today. Yay! I haven’t decided which section I will cover next, probably something fun like XSS or SQLi mitigations. Picking up where we left off, we are at ASVS 2.7…
ASVS 2.7 Requirement:
Verify that the strength of any authentication credentials are sufficient to withstand attacks that are typical […]
Search Posts
Security Categories
- Android
- Apache Security
- Burp
- CodeWatch
- Deadrop
- Java
- Linux
- Metasploit
- OWASP 2010 A1
- OWASP 2010 A10
- OWASP 2010 A2
- OWASP 2010 A3
- OWASP 2010 A4
- OWASP 2010 A5
- OWASP 2010 A6
- OWASP 2010 A7
- OWASP 2010 A9
- OWASP 2013 A9
- Penetration Testing
- Phishing
- PHP Security
- PowerShell
- Python
- Social Engineering
- Unix
- Windows
Top Tags
ASVS 3.1 ASVS 3.2 ASVS 3.3 ASVS 3.4 ASVS 3.5 ASVS 3.6 ASVS 3.7 ASVS 3.8 ASVS 3.9 ASVS 3.10 ASVS 3.11 ASVS 3.12 ASVS 3.13 ASVS 11.4 bcrypt Burp Suite Pro CodeWatch CryptoPP Hashcat Hyperion Java Linux Metasploit Meterpreter mimikatz msfencode msfpayload Ophcrack OWASP 2010 A1 - Injection OWASP 2010 A2 - Cross-Site Scripting (XSS) OWASP 2010 A3 - Broken Authentication and Session Management Penetration Testing Phishing PHP Powershell Python SET Shellcodeexec Social Engineering Unix Veil VirusTotal WAF Web App Pentesting Windows