This is a simple tracker I have created to facilitate the process of pentesting so I do not lose myself in the excitement of the new findings. This helps going methodically through all the areas. I have used the OWASPv4
Your external security consultant just sent you the vulnerability report from the last test you ordered? What should you do with all those findings, and how do you successfully communicate with the concerned parties? What could go wrong and why?
This is just a list of applications and frameworks out there that could be used to test your web application pentesting kung fu skills or to test your automated tools. I am trying to keep a copy of those with me,
This post is more to document my own “discovery” and not to get into the loop of researching the same topic again and again. And if someone finds it helpful, it's great. I was searching for PHP static code analysis tools
I have been thinking a lot about the fact that pentesting, source code reviews and all those security assurance processes just point out the problem. Fixing the discovered application security issue, however, is a prerogative of the developers which
HTTP Basic Authentication brief explanation HTTP supports several authentication mechanisms. Upon a request for a resource within a protected space, the server should respond with an authentication challenge using the WWW-Authenticate header. In order to receive authorization, the client should send the requested identification
Here is an amended version of the security source code review questionnaire. I added a couple of questions and reworded a couple of existing ones to eliminate some ambiguities. Security Source Code Review Questionnaire – v2 (English) Security Source Code Review Scoping Questionnaire
I got frustrated a couple of days ago when I needed to quickly send a scoping questionnaire focusing on web application security assessment and was not able to find a single one in my archives. I was sure that I’d put
Usually when the customer comes with a request for a security source code review, one of the main questions is “How long will it take?”. And the answer to that particular question is not an easy one because it depends on so
Three days ago Adobe Labs surprised me with a beta version of their open-source AIR application for SWF analysis called SWFInvestigator. It is available for download from the Adobe Labs website and the source code from the corresponding SourceForge project page.