Checking framework vulnerabilities using Dependency Check

An introduction to OWASP Dependency Check
Jun '14

Checking framework vulnerabilities using Dependency Check

A web application is never finished. Even when no new features are being developed, new vulnerabilities may be found in the frameworks used in the application, requiring a patch or an upgrade. Are you actively monitoring the frameworks in use in your applications? My guess is no, or at least not all of them. Luckily, OWASP has a very nice utility that integrates easily into a build environment and can do most of the hard work for you. Let me tell you about it. Learn more...

Dec '13

Securing web apps using OWASP ZAP in Passive Mode

The OWASP Zed Attack Proxy is a powerful open source web application security assessment tool. Even in passive mode, where it only inspects the traffic generated by your browser, it can give valuable pointers for securing your web application against abuse. In this blog post I will explain how to configure your browser to use the OWASP ZAP proxy while clicking through a web application running on localhost. I will also explain its various findings and how to resolve them. Learn more...

Mar '13

The Dark Secret of Spring MVC

Do you use Spring MVC in a basic CRUD setup, for example with an OpenSessionInView filter and your entities doubling as Data Transfer Objects? Then you may have exposed more of your model than you anticipated. Learn more...