Secure Your API in Node.js

The OWASP Top 10 2017 RC has two new entries that should be of great interest to any REST API developer. A4 – Broken Access Control A10 – Underprotected APIs Broken access control is a major problem. OWASP rates it as easily detectable, easily exploitable, and widespread across the Internet. Underprotected APIs refers to the …

Continue reading Secure Your API in Node.js

Advertisements

Breaking Down the OWASP Top 10 2017 RC Part 2: Numbers 6 Through 10

My previous post broke down the first five vulnerabilities listed in the OWASP Top 10 2017 RC. The last half of the list has many interesting entries that will be fun to break down. So let’s jump right into it. Sensitive Data Exposure This vulnerability describes not properly storing sensitive data or allowing it to …

Continue reading Breaking Down the OWASP Top 10 2017 RC Part 2: Numbers 6 Through 10

Breaking Down the OWASP Top 10 2017 RC Part 1: Numbers One Through Five

The Open Web Application Security Project (OWASP) is an open community whose mission is to enable organizations to develop, maintain, and use applications and APIs that can be trusted. They have many great resources for professionals to use to educate themselves on how to build secure web applications. One of OWASP’s flagship projects is the …

Continue reading Breaking Down the OWASP Top 10 2017 RC Part 1: Numbers One Through Five

The Great Certificate Debate–Are Security Certifications Worth It?

I recently stumbled upon an article claiming, quite strongly, that security certifications are worthless and causing more harm than good. This struck a cord with me because I became Security+ certified last year and recently got my CSSLP. Did I just waste my time and money on these certifications? This is certainly not the first …

Continue reading The Great Certificate Debate–Are Security Certifications Worth It?

5 Security Concepts All Developers Should Understand

I'm thrilled to announce that I have completed another guest post on Simple Programmer! This one deals with 5 Security Concepts All Developers Should Understand. Many developers understand basic security vulnerabilities such as XSS and CSRF. This post aims to outline the key security concepts that will help developers to build security in from the …

Continue reading 5 Security Concepts All Developers Should Understand

Application Security Tips Part 3–Protect Your Passwords

My ongoing series on application security has taken an interesting turn. For part 3 – Protect Your Passwords, I decided to submit my post as a guest writer on Simple Programmer, a great site run by John Sonmez. Turns out they liked my idea and it is now officially up on the site. I wanted …

Continue reading Application Security Tips Part 3–Protect Your Passwords