What has changed in OWASP Top Ten 2010? by Jaykishan Nirmal, Lead Consultant - SDL Practice, Aujas Networks
It is almost 8 years now since OWASP became the de facto standard for developers, architects and designers who build secure applications. Security professionals use the OWASP Testing Guide as a bible to ensure a comprehensive assessment. OWASP released the Top Ten on April 19th, 2010, and this document highlights some of the key changes drawn from the 22-page OWASP Top Ten 2010 release document.
A Practical Approach to Security Code Review by Jaykishan Nirmal, Security Consultant, Aujas Networks
Software security is increasingly becoming the focus of the industry. Research sources suggest that 75% of new hack attempts target software security and that 90% of vulnerabilities are in software. A recently conducted survey states that more than 75% of bank websites had at least one design flaw. This white paper discusses some of the crucial problems faced during security code review. It illustrates methods for finding vulnerabilities in the code base and tracing them back to design problems. It also emphasizes root-cause fixes as part of the mitigation actions taken to solve application security problems.
Software Immunity by the Aujas Team
Software security is increasingly becoming the focus of the security industry. Research sources suggest that 75% of new hack attempts target software security and that 90% of vulnerabilities are in software. This white paper presents a very high-level overview of software security and the various aspects that contribute to it. It dwells on risk modeling as applicable to software security and suggests remedies and countermeasures from process and technology perspectives.
Protection from Distributed Denial of Service by Madhankumar V, Practice Head – IT GRC, Aujas and Bhavuk Arora, Consultant – Vulnerability Management, Aujas Networks
In today's ever-expanding networks, Denial of Service is a growing form of attack. This white paper looks at the anatomy of a DDoS and explains best practices for safeguarding your network against it.