Breaking Down the OWASP Top 10 2017 RC Part 2: Numbers 6 Through 10

My previous post broke down the first five vulnerabilities listed in the OWASP Top 10 2017 RC. The last half of the list has many interesting entries that will be fun to break down. So let’s jump right into it. Sensitive Data Exposure This vulnerability describes not properly storing sensitive data or allowing it to …

Breaking Down the OWASP Top 10 2017 RC Part 1: Numbers One Through Five

The Open Web Application Security Project (OWASP) is an open community whose mission is to enable organizations to develop, maintain, and use applications and APIs that can be trusted. They have many great resources for professionals to use to educate themselves on how to build secure web applications. One of OWASP’s flagship projects is the …

The Great Certificate Debate–Are Security Certifications Worth It?

I recently stumbled upon an article claiming, quite strongly, that security certifications are worthless and causing more harm than good. This struck a chord with me because I became Security+ certified last year and recently got my CSSLP. Did I just waste my time and money on these certifications? This is certainly not the first …

Application Security Tips Part 3–Protect Your Passwords

My ongoing series on application security has taken an interesting turn. For part 3 – Protect Your Passwords, I decided to submit my post as a guest writer on Simple Programmer, a great site run by John Sonmez. Turns out they liked my idea and it is now officially up on the site. I wanted …

Application security tips part 2 – SQL Injection

In part one of this series, I discussed the process of threat modeling an application. Once that step is done, you will have some concrete threats for which you need to prepare. Let's take a look at some of the threats that you would likely identify as part of the threat modeling exercise and how …