Secure Application Development and the OWASP Top 10 (Pt. 3 of 10)

This is part 3 of a 10-part series. Be sure to check out part 1 and part 2 if you haven’t already.

Some of you may already be familiar with the Open Web Application Security Project (OWASP) and its Top 10 2010 list due in part to Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI DSS):

6.5 Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes.

For those of you who are not familiar with OWASP and their Top 10, the OWASP Top 10 2010 was aimed at highlighting simple problems that can plague applications and ultimately undermine security.

If you missed it, be sure to check out the previous posts on A1: Injection and A2: Cross-Site Scripting (XSS). Here’s the third OWASP application security risk - Broken Authentication and Session Management.


Secure Application Development and the OWASP Top 10 (Pt. 2 of 10)

This is part 2 of a 10-part series. You can check out part 1 here.

Some of you may already be familiar with the Open Web Application Security Project (OWASP) and its Top 10 2010 list due in part to Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI DSS):

6.5 Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes.

For those of you who are not familiar with OWASP and their Top 10, the OWASP Top 10 2010 was aimed at highlighting simple problems that can plague applications and ultimately undermine security.

If you missed it, be sure to check out the previous post on A1: Injection. Here’s the second OWASP application security risk - Cross-Site Scripting.


The Mythical Ruby Splat

Most Rubyists are aware of variable length arguments in a method definition. For example:

Just as a refresher, the * operator, commonly known as a “splat,” collects any remaining arguments into an array object. So in the example above, the parameter names (declared as *names) is an array object, which means it can be used just like any other array:

What blew my mind recently was stumbling across Ruby code where the name for the “splat” was missing. I assure you that this is valid Ruby code:


Secure Application Development and the OWASP Top 10

Some of you may already be familiar with the Open Web Application Security Project (OWASP) and its Top 10 2010 list due in part to Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI DSS):

6.5 Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes.

For those of you who are not familiar with OWASP and their Top 10, the OWASP Top 10 2010 was aimed at highlighting simple problems that can plague applications and ultimately undermine security. Given recent news stories, and the renewed interest of the general public in information security, I thought it was worth taking a run through each of the Top 10 as sort of a refresher. We’ll make sure to cross-link the various posts as we publish them.
