XXE - OWASP's Easily Preventable Newcomer
XML eXternal Entity injection (XXE) is an injection attack that occurs when untrusted XML input referencing an external entity is processed by a weakly configured XML parser. This attack may lead to denial of service, Server Side Request Forgery (SSRF), confidential data disclosure, and other negative impacts. Rather than grouping XXE injection with other injection vulnerabilities (A1), OWASP decided to single this one and give it the number four spot (A4)...
Read More >
The OWASP Top Ten 2017 - Movers & Shakers
The OWASP Top 10 has been leveraged by organizations of all sizes and maturity as an informal Web application standard for over a decade. For it to be relevant though, teams applying it need to understand the goal of the project and risk ranking techniques. The goal of the OWASP Top 10 is not necessarily to identify top vulnerabilities or attacks, but to identify the most serious risks for a broad array of organizations. This is an important distinction because...
Read More >
OWASP Top Ten: Why it Still Matters
The OWASP Top Ten is an expert consensus of the most critical risks facing web applications and the teams who are developing them. The primary purpose is to raise awareness and provide a framework for prioritizing your application security efforts. You can use the OWASP Top 10 to address most common attacks and vulnerabilities that expose your organization to attack. Due to the importance of Application Security in reducing overall...
Read More >
