Security research, news and guidance

Yearly Archives: 2009

OWASP Top Ten 2010 and The Principles of Secure Development

November 19, 2009  |  Written by Security Ninja  |   Application Security   |   5 Comments

Hi everyone, Last week at OWASP AppSec USA Dave Wichers announced the new OWASP Top Ten 2010. The new Top Ten document is currently a release candidate and the OWASP are inviting feedback so if you have anything you would like to see changed/added then let them know. The new approach to the OWASP Top Ten is impressive and I like the professional look of the new document. The inclusion of a risk based approach … Read more >

IRISS Conference and HackEire

November 13, 2009  |  Written by Security Ninja  |   Data Loss, Hacking, Ninja News and Updates   |   1 Comment

Hi everyone, I blogged earlier this year about how happy I was to see conferences such as Epicenter embracing information security and how great it was to see Ireland’s first dedicated application security conference, now I have even more good news for the Information Security community in Ireland! The Irish national CSIRT (Computer Security Incident Response Team) will be holding its first annual conference on the 19th of November 2009 at the D4 Berkley Court … Read more >

Can you find the vulnerabilities? Part Two

November 5, 2009  |  Written by Security Ninja  |   Application Security   |   2 Comments

Hi everyone, It has been two weeks since the original Can you find the vulnerabilities post so I think it is time to explain the examples and show you the vulnerabilities. I had quite a few interesting emails and comments about the code samples and the vulnerabilities in them, some people even spotted additional security issues! I want to go through each example now and show you the vulnerabilities as well as explaining how they … Read more >

Output Validation using the OWASP ESAPI

October 29, 2009  |  Written by Security Ninja  |   Application Security   |   3 Comments

Hi everyone, It is time for me to publish the second post from our Principles of Secure Development to OWASP ESAPI mapping series. We will be looking at Output Validation and how the OWASP ESAPI can be used to implement this principle. I have taken onboard the feedback from the previous post and given more detailed examples of how you can implement the ESAPI within your environment. In the previous post we explained why it … Read more >
