Posts from May 2012

Security Series Part 1 - Injection

15 May 12
Understanding the threat landscape is vital to ensuring software is developed and maintained as securely as practically possible. Recent high-profile cases of data theft and poorly developed "secure" online services serve to remind us that effective development and testing methodologies must not neglect security.
 
Security is inevitably compromised for the sake of usability (the best security policy would eschew all public access). However, this is no excuse for poor design and development. This series will highlight the top 10 security vulnerabilities as determined by the Open Web Application Security Project (OWASP).
 
We kick off this security series with the top security risk according to the OWASP Top 10 for 2010 - Injection.

Tags: Security, PHP, SQL, Security Series