In the previous article we covered some important security aspects regarding server-side infrastructure. This article covers some of the challenges we face on the client side, in particular when working with browsers. The browser is a very attractive target environment for distributing applications and systems to the user. It’s easy to access and requires no additional installation since most of today’s users have access to a modern browser. For the user it is, compared to installing and ...| Omegapoint Security Blog
The OWASP Application Security Verification Standard (ASVS) Project is a framework of security requirements that focus on defining the security controls required when designing, developing and testing modern web applications and web services.| owasp.org
This article will show how to implement our six-step model for building APIs, highlighting key aspects for creating APIs that are secure by design. Example code is available on GitHub.| securityblog.omegapoint.se
This article presents a test-driven approach to application security and shows how we can write automated tests to prove that our defenses work as expected.| securityblog.omegapoint.se
Base Score| nvd.nist.gov
Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also great voluntary guinea pig for your security tools and DevSecOps pipelines!| owasp.org
The Web Security Academy is a free online training center for web application security, brought to you by PortSwigger. Create an account to get started.| portswigger.net
OWASP API Security Project on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.| owasp.org
OWASP Top 10:2021| owasp.org