IT Security Expert Blog

A UK view on Cybersecurity & Information Security, Everything Computer Security from the very basics to the advanced. A blog with a focus on the latest Cyber Security developments & issues in the UK, including Hacking, Privacy (GDPR), Data Breaches, security standards such as NIST, PCI DSS, Cyber Essentials & ISO27001, all will be simply explained.

Tuesday, 12 December 2017

Scan your app to find and fix OWASP Top 10 - 2017 vulnerabilities

Following the updated release of OWASP Top Ten (2017), I have updated my IBM developerWorks article "Scan your app to find and fix OWASP Top 10 - 2017 vulnerabilities", which was released on the IBM Developer Works website today
Posted by SecurityExpert at 23:30 No comments:
Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest
Labels: application security, ibm, OWASP
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)
Click here for the IT Security Expert Website
Part of the

Cyber Security Expert Website
Tweets by @SecurityExpert Dave Whitelegg Media Info

Subscribe To

Posts
Atom
Posts
All Comments
Atom
All Comments

Search IT Security Expert Blog

Blog Archive

  • ►  2021 (34)
    • ►  June (3)
    • ►  May (10)
    • ►  April (8)
    • ►  March (6)
    • ►  February (4)
    • ►  January (3)
  • ►  2020 (49)
    • ►  December (7)
    • ►  November (6)
    • ►  October (2)
    • ►  September (3)
    • ►  August (5)
    • ►  July (6)
    • ►  June (2)
    • ►  May (2)
    • ►  April (4)
    • ►  March (5)
    • ►  February (3)
    • ►  January (4)
  • ►  2019 (76)
    • ►  December (9)
    • ►  November (17)
    • ►  October (7)
    • ►  September (2)
    • ►  August (1)
    • ►  July (3)
    • ►  June (5)
    • ►  May (9)
    • ►  April (3)
    • ►  March (4)
    • ►  February (6)
    • ►  January (10)
  • ►  2018 (27)
    • ►  December (3)
    • ►  November (3)
    • ►  October (2)
    • ►  September (4)
    • ►  August (1)
    • ►  July (2)
    • ►  June (1)
    • ►  May (2)
    • ►  April (1)
    • ►  March (2)
    • ►  February (3)
    • ►  January (3)
  • ▼  2017 (38)
    • ▼  December (1)
      • Scan your app to find and fix OWASP Top 10 - 2017 ...
    • ►  November (2)
    • ►  October (3)
    • ►  September (7)
    • ►  August (4)
    • ►  June (5)
    • ►  May (5)
    • ►  April (3)
    • ►  March (3)
    • ►  February (2)
    • ►  January (3)
  • ►  2016 (23)
    • ►  December (4)
    • ►  November (4)
    • ►  October (2)
    • ►  September (4)
    • ►  August (1)
    • ►  July (1)
    • ►  June (1)
    • ►  May (1)
    • ►  April (2)
    • ►  March (1)
    • ►  February (1)
    • ►  January (1)
  • ►  2015 (12)
    • ►  December (1)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  June (3)
    • ►  May (1)
    • ►  March (1)
    • ►  February (1)
    • ►  January (2)
  • ►  2014 (21)
    • ►  November (1)
    • ►  September (2)
    • ►  July (2)
    • ►  June (4)
    • ►  May (1)
    • ►  April (2)
    • ►  March (3)
    • ►  February (4)
    • ►  January (2)
  • ►  2013 (33)
    • ►  December (1)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (3)
    • ►  June (4)
    • ►  May (1)
    • ►  April (2)
    • ►  March (2)
    • ►  February (2)
    • ►  January (2)
  • ►  2012 (32)
    • ►  December (2)
    • ►  November (5)
    • ►  October (5)
    • ►  September (1)
    • ►  August (13)
    • ►  July (2)
    • ►  June (2)
    • ►  March (1)
    • ►  January (1)
  • ►  2011 (14)
    • ►  November (1)
    • ►  October (1)
    • ►  September (2)
    • ►  August (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (3)
    • ►  February (1)
    • ►  January (3)
  • ►  2010 (18)
    • ►  November (1)
    • ►  October (2)
    • ►  September (2)
    • ►  August (1)
    • ►  July (1)
    • ►  May (1)
    • ►  April (3)
    • ►  March (3)
    • ►  February (3)
    • ►  January (1)
  • ►  2009 (29)
    • ►  December (1)
    • ►  November (3)
    • ►  October (2)
    • ►  August (1)
    • ►  July (4)
    • ►  June (3)
    • ►  May (1)
    • ►  April (2)
    • ►  March (4)
    • ►  February (4)
    • ►  January (4)
  • ►  2008 (26)
    • ►  December (3)
    • ►  November (2)
    • ►  October (3)
    • ►  September (2)
    • ►  July (2)
    • ►  June (3)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  February (1)
    • ►  January (4)
  • ►  2007 (60)
    • ►  December (6)
    • ►  November (14)
    • ►  October (4)
    • ►  September (8)
    • ►  August (6)
    • ►  July (6)
    • ►  June (9)
    • ►  May (7)

Post Categories

data breach Data Protection Patching ransomware cyber security roundup Home Security Security Awareness Hacking Microsoft privacy PCI DSS GDPR NCSC malware password security Payment Card Fraud Encryption DPA nation-state hackers ICO DDoS Cyber Crime adobe COVID-19 Cloud Security ID Theft iot web application security Threat Huawei phishing cyber Cyberwar Wifi Security Mobile Security Network Security Social Media facebook cybersecurity yahoo CISO talktalk wannacry Apple Cisco Vulnerability Management British Airways Fraud application security ibm Coronavirus RSAC Risk Management cybercrime dark web marriott AI amazon brexit nhs Snowden Twitter football infographic BEC Big Data Intel OWASP Policies Third Party Security vpn APT10 GCHQ Insider Threat MFA NSA Terrorism anti-virus aws cryptocurrencies email security equifax incident management ryuk scam small business training 5G APT28 Cyber Essentials Magecart Manchester City enterprise security podcast solarwinds Apache Compliance DLP Emotet VIPRE bitcoin botnets cyber insurance data retension digital transformation human error kaspersky petya supply-chain A10 Networks APT29 BYOD CCTV CISA Car Security Cobalt Conference Conti Cryptojacking FCA Google Hack Hacktivism Meltdown Mirai Mitre NIST O365 Physical Security SME Trickbot Uber VMware Windows XP appscan artificial intelligence bluekeep book review carbon black career ceo fraud credential stuffing cyber risk education firewall management mcafee misconfiguration ring sans solorigate threat hunting travelex zoom Currys DBIR Deep Secure Dixons carphone FBI Heartbleed IAM ISO27001 InfoSec Maze PewDiePie RSA Revil SHA-1 SaltDNA Sophos Spectre T-Mobile Verizon Windows 7 Windows Server 2018 Zero Trust access control bakuk becrypt blockchain bsides bt china cyber extortion dixons fireeye iphone labour party lenovo linux logmeonce piracy pitney bowes sextortion smart cities social engineering starwood sunburst threat intelligence ticketmaster tor whatsapp zero-day 2018 AMD APT1 APT27 APT3 APT37 APT38 APT39 APT40 APTC23 ATP Aebi Schmidt Air India Azure Born Digital CCISO CCPA CDE CEH CESG CISM CISSP CREST CVE-2021-3156 CVSS CeX Certes Networks Check Point Citrix Coalfire Cognizant CompTIA Crime Dot Com Cyber Bullying Cyber Security Challenge UK Cyber Tec Security DNS Security DarkSide DataDome Decathlon Defcon DevOps Disaster Recovery as a Service Disney ECSC Enterprise Europe Network European Cyber Security Challenge Exchange F5 FASTR FFA FIFA FatFace Flightradar Forrester Gaming Giacom Github HCSEC HIPAA HR HSBC Hafnium IASME IOC ISACA ISC2 ISCN Identity Theft Intelligencia Kia Krack Kraken KwikFit LOC LORCA LinkedIn Liverpool MH370 ML MSPs Maersk Memty NASA NCC NCF NCS NIS Netscout Nintendo Nokia Nominet Online Harms Bill PC World PCI PoisonTap PokemonGo RAA RFT Redcar Regenix SD-WAN SIGRed SMBs SOAR SSL SecureTeam Security Today Sentinel Sepa Serco Snake Sodinokibi Steganography TA505 TGI Friday Tesla TikTok Total Fitness UEFA Vision Direct Vulnerability scan Windows 10 YesWeHack Zerologon adware att&ck awards backup beyer biometrics bitdefender bitsight black friday blueborne boothole bugbounty christmas cloud security alliance contactless corvid cyberis darkgate data classification data security defender deltacharlie digital certificates disaster recovery dropbox drown e-crime congress easyjet email embroker end point security eternalblue f-secure fedex films finance fintech flashpoint freelance goldenspy greene king hacker hidden cobra ignite iloveyou imperva isame isf legal sector locky lovebug mimecast moneytaker movies mumsnet netflix nordVPN notpetya npower outpost24 oyster paradox penetration test plundervolt qualys rbs regtech retail shadow IT shlayer smartphone snapchat sonos spotify spyware stuxnet sudo superfish telegram teletext holidays tfl threatQ timehop translation undervolting unix wearables webroot winzip zavvi

Last 12 Months Most Popular Posts

  • Lush Credit Card Data Breach
    Before I go into my thoughts on the recent Lush website credit card data breach, I have some important advice to all Lush online customers. ...
  • The Billion Pound Manchester City Hack
    The sport of football is a multi-billion-pound global industry, where the world's top-drawer football clubs push competitive advantages ...
  • Is Huawei a Threat to UK National Security?
    On 19th July 2018 the UK government, through the GCHQ backed Huawei Cyber Security Evaluation Centre , gave “limited assurance” that Huawei...
  • Passwords are and have always been an Achilles Heel in CyberSecurity
    LogMeOnce , a password identity management suite provider, has published a detailed interview with myself titled ' Passwords are and hav...
  • Data Loss Prevention: Artificial Intelligence vs. Human Insight
    The cybersecurity landscape continues to evolve as cybercriminals become ever more sophisticated, and digital security tools accelerate to m...
  • Cyber Security Roundup for February 2021
    A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar ...
  • Twitter Hack & Scam
    What Happened? Twitter confirmed 130 celebrity Twitter accounts were targeted in the cyberattack  on Wednesday 15th July, with 45 successful...
  • Fintech Cybersecurity Trends in 2021
    Article by  Beau Peters When the pandemic struck, online bad actors took it as an opportunity to double-down on their attacks through ransom...

Cyber Security News Stream

Tweets by @SecurityToday
4D Cyber Security Awards 2019

Other Security Blogs

  • Help Net Security - News
    Virtual machines hide ransomware until the encryption process is done - The use of virtual machines (VMs) to run the malicious payload is getting more popular with ransomware attackers, Symantec’s Threat Hunter Team claims. R...
    1 hour ago
  • Krebs on Security
    How Cyber Sleuths Cracked an ATM Shimmer Gang - In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to clone data from chip card transactions....
    2 hours ago
  • Schneier on Security
    Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer - Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception prod...
    3 hours ago
  • AWS Security Blog
    CloudHSM best practices to maximize performance and avoid common configuration pitfalls - AWS CloudHSM provides fully-managed hardware security modules (HSMs) in the AWS Cloud. CloudHSM automates day-to-day HSM management tasks including backups...
    20 hours ago
  • Microsoft Security
    Strategies, tools, and frameworks for building an effective threat intelligence team - Red Canary Director of Intelligence Katie Nickels shares her thoughts on strategies, tools, and frameworks to build an effective threat intelligence team...
    22 hours ago
  • Google Online Security Blog
    Get ready for the 2021 Google CTF - Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF is back! Th...
    5 days ago
  • SpiderLabs Blog from Trustwave
    Thousands of Vulnerable VMWare vCenter Servers Still Publicly Exposed (CVE-2021-21985, CVE-2021-21986) - On May 25th, 2021, VMWare released patches to address VMSA-2021-0010, a critical security advisory for VMWare vCenter Server addressing two vulnerabilities...
    1 week ago

About Me

SecurityExpert
View my complete profile

ShareThis

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.
All original content copyright David Whitelegg 2007-2020. You may not use any original content with. Awesome Inc. theme. Powered by Blogger.