
How to make your web application more secure by using Dynamic Application Security Testing (DAST) – PART 2 of Application Security Testing series

Xebia

Like I mentioned in the previous blog, during this blog series we are going to look at the different types of Application Security Testing and Software Composition Analysis. We conclude with a demo of an open source DAST tool called OWASP ZAP by using it against our own vulnerable web application. You can download Docker here.


How to make your web application more secure by using Interactive Application Security Testing (IAST) – PART 3 of Application Security Testing series

Xebia

Introduction Welcome to part three of the blog series about Application Security Testing. In this blog we are going to learn about Interactive Application Security Testing (IAST). We will look at their SCA solution in a later blog. The library findings will be discussed in the next blog. Click on “Vulnerabilities”.


Trending Sources


Cybersecurity Snapshot: New Guide Explains How To Assess If Software Is Secure by Design, While NIST Publishes GenAI Risk Framework

Tenable

These are some of the tactics, techniques and procedures MITRE observed during the breach: In the blog “Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion,” MITRE added more details, such as: The attackers initially accessed NERVE by deploying the ROOTROT webshell on an external-facing Ivanti appliance. What does it take?


Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

Prisma Cloud

As we discussed in the previous blog post, Third-Party GitHub Actions: Effects of an Opt-Out Permission Model, the permissive nature of GitHub Actions workflows is prevalent throughout the open-source community and private projects on GitHub. Figure 3: Pyupio/safety’s action.yaml file pulls a mutable image with the ‘latest’ tag.


Strengthening the Nessus Software Supply Chain with SLSA

Tenable

But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Our SBOM is in the OWASP CycloneDX format. It also includes all the parameters used and the configuration steps’ output.


Cybersecurity Snapshot: What, Me Worry? Businesses Adopt Generative AI, Security Risks Be Damned

Tenable

The Tenable Security Response Team covered the advisory in-depth in its blog “AA23-215A: 2022's Top Routinely Exploited Vulnerabilities.” That’s the main finding from IBM’s “Cost of a Data Breach Report 2023,” which pegged the price tag at a global average of $4.45 Check out the aptly titled blog “What is a Zero Trust Architecture?”


Identifying Server Side Request Forgery: How Tenable.io Web Application Scanning Can Help

Tenable

SSRF flaws have become so commonplace that they’re now part of the Open Web Application Security Project (OWASP) Top 10 for 2021. The final attack scenario we will cover for this blog post is the use of the “gopher://” wrapper, which is particularly interesting in the case of a blind SSRF. What is a server-side request forgery?