Topic Category: OWASP
More Resources – Insufficient Logging And Monitoring OWASP Resources OWASP Proactive Controls: Implement Logging and Intrusion Detection OWASP Application Security Verification Standard: V8 Logging and Monitoring OWASP Testing Guide: …
Example Scenarios – Insufficient Logging And Monitoring Scenario #1: An attacker scans for accounts that use a common password (a few guesses against many accounts, so no single account is locked out). The attacker can then use this common password to …
How to Prevent – Insufficient Logging And Monitoring To prevent attackers from exploiting these kinds of vulnerabilities, it is important to first assess and classify the risk of the …
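Added example (not from the original page or from OWASP's own material): the pattern in Scenario #1 is a password spray, and it is invisible to per-account lockout because each account sees only one or two failures. The detection below groups failed logins by source address instead and raises an alert when one source fails against several distinct accounts within a time window, then lists any successful login from a flagged source for escalation. The sample log lines and their key=value format are constructed for this example and are an assumption, not any real product's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in a hypothetical key=value auth-log format
# (an assumption for this example, not any real product's format).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth result=fail user=alice src=203.0.113.5
2024-03-01T10:00:02Z auth result=fail user=bob src=203.0.113.5
2024-03-01T10:00:03Z auth result=fail user=carol src=203.0.113.5
2024-03-01T10:00:04Z auth result=fail user=dave src=203.0.113.5
2024-03-01T10:00:05Z auth result=success user=erin src=203.0.113.5
2024-03-01T10:00:06Z auth result=fail user=frank src=198.51.100.7
2024-03-01T10:00:07Z auth result=fail user=frank src=198.51.100.7
2024-03-01T10:00:08Z auth result=success user=frank src=198.51.100.7
2024-03-01T10:30:00Z auth result=fail user=grace src=203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_password_spraying(lines, min_users=3, window_seconds=600):
    """Flag sources whose failed logins hit at least `min_users` distinct accounts
    inside any `window_seconds` window. Per-account lockout never fires on this
    pattern (one or two failures per account), which is why the per-source view
    is needed. Returns {src_ip: sorted list of targeted users}."""
    events = [e for e in (parse_line(ln) for ln in lines) if e]
    events.sort(key=lambda e: e["ts"])
    fails_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            fails_by_src[e["src"]].append(e)

    alerts = {}
    for src, fails in fails_by_src.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in window_seconds.
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            users = {f["user"] for f in fails[start:end + 1]}
            if len(users) >= min_users:
                alerts[src] = sorted(users | set(alerts.get(src, [])))
    return alerts


def successes_from_flagged_sources(lines, alerts):
    """Successful logins from a source already flagged for spraying: the spray
    may have found a valid credential, so these are the events to escalate."""
    events = [e for e in (parse_line(ln) for ln in lines) if e]
    return [(e["user"], e["src"]) for e in events
            if e["result"] == "success" and e["src"] in alerts]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    alerts = detect_password_spraying(lines)
    for src, users in alerts.items():
        print(f"ALERT spraying from {src}: {len(users)} accounts {users}")
    for user, src in successes_from_flagged_sources(lines, alerts):
        print(f"ESCALATE successful login for {user} from flagged source {src}")
```

On the sample data, 203.0.113.5 is flagged for four accounts within the window (the later failure against grace falls outside it), and erin's successful login from that address is escalated; 198.51.100.7 is not flagged because two failures against a single account is ordinary user behaviour. None of this is possible unless the application logs failed logins with the username and source address in the first place, which is the point of the prevention advice above.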
More Resources – Using Components With Known Vulnerabilities OWASP Resources OWASP Application Security Verification Standard: V1 Architecture, design and threat modelling OWASP Dependency Check (for Java and .NET libraries) …
Example Scenarios – Using Components With Known Vulnerabilities Most components run with the same privileges as the application itself. So flaws in any component can result in serious impact. …
How to Prevent – Using Components With Known Vulnerabilities It is important to have a patch management process in place. This process can be used to – Remove unused …
More Resources – Insecure Deserialization OWASP Resources OWASP Cheat Sheet: Deserialization OWASP Proactive Controls: Validate All Inputs OWASP Application Security Verification Standard OWASP AppSecEU 2016: Surviving the Java Deserialization …
Example Scenarios – Insecure Deserialization Scenario #1: A React application calls a set of Spring Boot microservices. The application serializes user state and passes it back and forth with …
How to Prevent – Insecure Deserialization For effective prevention, do not accept serialized objects from untrusted sources or use serialization mediums that only permit primitive data types. That is …
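Added example (not from the original page, from OWASP, or from the Spring Boot scenario above): the same "user state" round-trip done two ways. The vulnerable loader uses a native object format (Python's pickle stands in for Java's ObjectInputStream here), so a stream built by an attacker runs a callable of their choosing during loading, before the application sees the result. The hardened loader uses JSON, which can only express primitive values, and then enforces an exact set of field names and types. The state fields and the schema are assumptions for this example.

```python
import json
import os
import pickle

# --- Vulnerable: native object serialization accepts attacker-controlled objects ---

def unsafe_load(data: bytes):
    """Deserialize a pickle from an untrusted source. Any callable referenced in
    the stream runs during loading, before the caller can inspect anything."""
    return pickle.loads(data)


class EvalOnLoad:
    """Stand-in for an attacker payload: pickle records the callable and the
    arguments returned by __reduce__, so the receiver runs eval(...) on load.
    The expression is harmless here (it returns the working directory) to show
    that code executed without doing damage."""
    def __reduce__(self):
        return (eval, ("__import__('os').getcwd()",))


def build_malicious_pickle() -> bytes:
    # The stream references builtins.eval only; the receiver never needs this class.
    return pickle.dumps(EvalOnLoad())


def unsafe_load_executed_code() -> bool:
    """True when loading the constructed stream ran eval() on the receiver."""
    return unsafe_load(build_malicious_pickle()) == os.getcwd()


# --- Hardened: a primitive-only format plus a strict schema for the user state ---

# Assumed shape of the serialized state; every field is a primitive type.
STATE_SCHEMA = {"user_id": int, "theme": str, "page_size": int}


def safe_load(data: bytes) -> dict:
    """Parse the state as JSON (objects, arrays, strings, numbers, booleans,
    null only) and reject anything outside the expected fields and types."""
    try:
        obj = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(obj, dict):
        raise ValueError("state must be a JSON object")
    unexpected = set(obj) - set(STATE_SCHEMA)
    missing = set(STATE_SCHEMA) - set(obj)
    if unexpected or missing:
        raise ValueError(f"unexpected={sorted(unexpected)} missing={sorted(missing)}")
    for key, typ in STATE_SCHEMA.items():
        value = obj[key]
        # bool is a subclass of int in Python; refuse it where an int is required.
        if isinstance(value, bool) or not isinstance(value, typ):
            raise ValueError(f"field {key!r} must be {typ.__name__}")
    if not 1 <= obj["page_size"] <= 500:
        raise ValueError("page_size out of range")
    return obj


def try_load(loader, data: bytes) -> str:
    """Run a loader and describe the outcome instead of raising."""
    try:
        return f"accepted: {loader(data)!r}"
    except Exception as exc:
        return f"rejected: {type(exc).__name__}: {exc}"


if __name__ == "__main__":
    payload = build_malicious_pickle()
    print(try_load(unsafe_load, payload))   # eval ran on load: accepted, returns the cwd
    print(try_load(safe_load, payload))     # rejected: not JSON
    print(try_load(safe_load, b'{"user_id": 7, "theme": "dark", "page_size": 25}'))
    print(try_load(safe_load, b'{"user_id": 7, "theme": "dark", "page_size": 25, "role": "admin"}'))
```

The JSON path rejects the pickle stream outright and also rejects a well-formed document that smuggles an extra field such as `role`, which is the tampering variant of the scenario above. The same division applies to the Java services in Scenario #1: a serialized Java object graph is the native format to avoid, and a JSON document validated against a fixed schema is the primitive-only replacement; where native serialization cannot be removed, restrict it with a deserialization allowlist and treat the ASVS and OWASP Deserialization Cheat Sheet entries listed under More Resources as the reference for that configuration.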
More Resources – Cross Site Scripting (XSS) OWASP Resources OWASP Proactive Controls: Encode Data OWASP Proactive Controls: Validate Data OWASP Application Security Verification Standard: V5 OWASP Testing Guide: Testing …