Category: owasp

  • Blog
  • Category: owasp

Software and Data Integrity Failures – OWASP Top Ten

Welcome to the final entry in our OWASP Top Ten Series – Software and Data Integrity Failures. If you haven’t read any of the previous ones, check them out. Among the OWASP Top Ten entries, Software and Data Integrity Failures have emerged as a formidable category that encapsulates a range of issues where assumptions about

Mobile Application Penetration Testing – #1 – Getting Started

Welcome to the first of many parts of our series on Mobile Application Penetration Testing. We wanted to write this series because it seems like a lot of the material out there on mobile application penetration testing is out of date, wrong, or lacking. Furthermore, when it comes to mobile application penetration testing, there are

OWASP Top Ten – Insecure Design

Insecure Design was a new entry when the latest version of the OWASP Top Ten was released in 2021. An really, what it gets at is a good lesson – Designing an application with security in mind can go a long way in ensuring that the end product is robust against all sorts of vulnerabilities.

OWASP Top Ten – Security Misconfiguration

What exactly is a Security Misconfiguration? It seems kind of nebulous, right? Well, that’s because it is. This vulnerability covers a wide range of issues that are some of the most prevalent in the wild and manifests in different forms—unnecessary default settings, overly verbose error handling, and unprotected files and directories, to name a few.

OWASP Top Ten – Broken Access Control

First things first, did you know that the OWASP acronym has changed from Open Web Application Security Project to Open Worldwide Application Security Project? Neither did we! But onto the real stuff. Today we have another entry in the OWASP Top Ten Series – Broken Access Control. This is one of the most prevalent vulnerabilities

Certification Pinning and Root Detection: Helpful but Not Unhackable

Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the security of a mobile app, it’s important to understand that no solution is ever completely

Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting

Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR

OWASP Mobile Application Security Testing Guide (MASTG)

Intro With the ever increasing use of mobile applications in various aspects of our lives, ensuring the security and privacy of users has become a top priority for developers and organizations alike. As mobile applications store and process sensitive data, securing them against potential attacks is of utmost importance. The Open Web Application Security Project