OWASP SAMM | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners. Accept Software Assurance Maturity Model Our mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-
OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation
OWASP Email Problems (and solutions) Andrew van der Stock, August 1, 2024 Recently, Google, Microsoft, and Yahoo and other major email providers have been implementing stricter email authentication controls. This is a good thing, as it helps to reduce the amount of spam and phishing emails that we all receive. However, it can also cause problems for legitimate email senders, such as OWASP. In the
OWASP API Security Project | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners. Accept What is API Security? A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-fa
セキュアな Web アプリケーションを作るには? Vol.01 OWASP ASVS 4.0.1 編 | yamory Blog
セキュアな開発推進の助けになる「ASVS」の概要と yamory の見解についてご紹介します。
OWASP Application Security Verification Standard (ASVS) | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners. Accept What is the ASVS? The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. Support the ASVS For more details on how to
Ruby on Rails - OWASP Cheat Sheet Series
Ruby on Rails Cheat Sheet¶ Introduction¶ This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the Rails security guide from rails core. The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, th
A09 セキュリティログとモニタリングの失敗 - OWASP Top 10:2021
Overview Security logging and monitoring came from the Top 10 community survey (#3), up slightly from the tenth position in the OWASP Top 10 2017. Logging and monitoring can be challenging to test, often involving interviews or asking if attacks were detected during a penetration test. There isn't much CVE/CVSS data for this category, but detecting and responding to breaches is critical. Still, it
OWASP Secure Coding Practices – Quick Reference Guide
(Last Updated On: 2021年5月2日) OWASPのガイドラインはPCI DSSでも参照するように指定されているセキュリティガイドラインです。その中でも比較的簡潔かつ体系的にセキュアプログラミングを解説した資料がOWASP Secure Coding Practices – Quick Reference Guide (v2) です。 日本語訳がないようなので一部未訳ですが訳しました。CC-BY-SAライセンスです。クリエイティブコモンズライセンスに従って自由に配布できます。 チェックリスト形式になっているので、自分のコーディング/開発スタイルがどの程度適合しているのか、簡単にチェックできるようになっています。コーディングスタイルのみでなく、運用はシステム構成に関連する物も含まれています。私が解説/紹介しているセキュリティ対策を行っている開発チームであればこれらの殆どに適
OWASP Top 10:2021
Introduction Welcome to the OWASP Top 10 - 2021 Welcome to the latest installment of the OWASP Top 10! The OWASP Top 10 2021 is all-new, with a new graphic design and an available one-page infographic you can print or obtain from our home page. A huge thank you to everyone that contributed their time and data for this iteration. Without you, this installment would not happen. THANK YOU! What's cha
OWASP Benchmark | OWASP Foundation
Each Benchmark version comes with a spreadsheet that lists every test case, the vulnerability category, the CWE number, and the expected result (true finding/false positive). Look for the file: expectedresults-VERSION#.csv in the project root directory. Every test case is: an HTTP Servlet a true vulnerability or a false positive for a single CWE Release History Version 1.0 of the Benchmark was rel
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
ASVSの最適な使い方
Microsoft Word - Rails_Security_2
GitHub - OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10
www-chapter-japan/secreq at master · OWASP/www-chapter-japan
www-chapter-japan/skillmap_project at master · OWASP/www-chapter-japan
Microsoft PowerPoint - Cyber Kill Chains
Command Injection | OWASP Foundation