Topic Category: OWASP
How to Prevent – XML External Entities (XXE) In order to properly identify and mitigate XXE attacks, it is important to train developers to incorporate best practices at various …
More Resources – Sensitive Data Exposure OWASP Resources OWASP Proactive Controls: Protect Data OWASP Application Security Verification Standard (V7,9,10) OWASP Cheat Sheet: Transport Layer Protection OWASP Cheat Sheet: User …
Example Scenarios – Sensitive Data Exposure Scenario #1: An application encrypts credit card numbers in a database using automatic database encryption. However, when this data is retrieved, it is …
How to Prevent – Sensitive Data Exposure Sensitive data must be properly encrypted, both during storage and transmission. At a minimum, the following steps and protocols must be followed: …
More Resources – Broken Authentication OWASP Resources OWASP Proactive Controls: Implement Identity and Authentication Controls OWASP ASVS: V2 Authentication, V3 Session Management OWASP Testing Guide: Identity, Authentication OWASP Cheat …
Example Scenarios – Broken Authentication Scenario #1: Credential stuffing is a common attack. A list of known passwords is used in an automated attack to identify working passwords that …
How to Prevent – Broken Authentication Multi-factor authentication is the best way to prevent many automated authentication-based attacks like credential stuffing and brute force. It is even effective …
More Resources – Injection OWASP Resources OWASP Proactive Controls: Parameterize Queries OWASP ASVS: V5 Input Validation and Encoding OWASP Testing Guide: SQL Injection, Command Injection, ORM injection OWASP Cheat …
Example Scenarios – Injection Scenario #1: Consider this scenario. An application uses the following vulnerable SQL to query untrusted data: String query = "SELECT * FROM accounts WHERE custID='" …
How to Prevent – Injection The best way to prevent injection vulnerabilities is to keep the data separate from commands and queries. This can be done by: Using safe …