In this article, I've shown you how to pentest a web application using Firefox and OWASP's Zed Attack Proxy (ZAP). I found ZAP to be a nice tool for figuring out vulnerabilities, but it'd be nice if it had a "retest" feature to see if you fixed an issue for a particular URL.
What we need is for implementation-level security issues to be taken care of at the language and framework level, so that developers can focus on their real jobs: solving design problems and writing code that works.
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
OWASP Tiger is a Windows application that helps you construct and send HTTP requests, receive and analyze the responses, and match them against a set of conditions to produce alerts, notifications
The problem of insecure software is perhaps the most important technical challenge of our time. Security is now the key limiting factor on what we are able to create with information technology. At OWASP, we're trying to make the world a place where insec
In the articles to follow, I'll explore the 2007 OWASP Top 10. We'll look at causes for these vulnerabilities and how to defend against potential exploits.
OWASP is happy to announce the first release of OWASP Pantera – Web Assessment Studio. Pantera is a mix between a pentest proxy, an application scanner, and an intelligent analysis framework. Pantera’s goal is to leave the analysis and automatic (rep
Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. It follows an Accept-only approach in which this tool looks for a finite set of valid input and everything else is considered invalid.
As a part of the upcoming version of the Open Web Application Security Guide project, Andrew Van Der Stock has posted his slides of a presentation he did as a preview of the "Ajax chapter" for the new guide (version 2.1).
