Open Web Application Security Project issues new secure coding bible

DARREN PAULI | April 26, 2016

The Open Web Application Security Project (OWASP) has published the third version of its developer security bible, trimming the fat and offering peer-reviewed and tested means of building more secure apps.

The Application Security Verification Standard Project (ASVS) is the carrot to OWASP's much-cited stick that is the Top 10 web app security flaws.

It promises acolytes harder, better-assured software that will keep user data safe and company names out of the data breach press cycle.

"The Top Ten are the things not to do," says OWASP veteran and security boffin Andrew van der Stock. "The ASVS says to developers that 'if you do these 20 things well, you won't have problems'."

Van der Stock, of Victoria, is co-project leader of the 2015 ASVS edition (PDF) alongside Daniel Cuthbert, both of whom have worked with the OWASP machine from its infancy.

"It goes beyond [the Top Ten] covering things like access controls, business logic flaws, a new topic on web services, and a number of critical areas," he says.


