Category Archives: Information Security Standards

OWASP Cornucopia

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic.

Introduction

The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and develop security-based user stories. Although


SABSA Executive Summary

What is SABSA?

SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives. It is also widely used for Information Assurance Architectures, Risk Management Frameworks, and to align and seamlessly integrate security and risk management into IT Architecture methods and frameworks. The SABSA framework and


Source Code Analysis Tools (SAST)

Contributor(s): Dave Wichers, itamarlavender, will-obrien, Eitan Worcel, Prabhu Subramanian, kingthorin, coadaflorin, hblankenship, GovorovViva64, pfhorman, GouveaHeitor, Clint Gibler, DSotnikov, Ajin Abraham, Noam Rathaus, Mike Jang

Source code analysis tools, also known as Static Application Security Testing (SAST) Tools, can help analyze source code or compiled versions of code to help find security flaws. SAST tools can be added into your IDE. Such tools


OWASP Mobile Application Security

OWASP MASTG

Previously known as OWASP MSTG (Mobile Security Testing Guide)

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile application security testing. A fundamental learning resource for both beginners and professionals covering a variety of topics from mobile OS internals to advanced reverse engineering techniques. It also provides an exhaustive set of test cases


OWASP Proactive Controls

What is This?

The OWASP Top Ten Proactive Controls describes the most important control and control categories that every architect and developer should absolutely, 100% include in every project.

OWASP Top 10 Proactive Controls 2018

Software developers are the foundation of any application. In order to achieve secure software, developers must be supported and helped by the organization they author code for.


OWASP Top 10 Application Security Risks – 2017

A1:2017-Injection

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

A2:2017-Broken Authentication

Application functions related to authentication and session management are often implemented incorrectly, allowing


800-63 Digital Identity Guidelines

The four-volume SP 800-63 Digital Identity Guidelines document suite is available in both PDF format and online. PDF versions of the documents are available from:

Document | Title | URL
SP 800-63-3 | Digital Identity Guidelines | https://doi.org/10.6028/NIST.SP.800-63-3
SP 800-63A | Enrollment and Identity Proofing | https://doi.org/10.6028/NIST.SP.800-63a
SP 800-63B | Authentication and Lifecycle Management | https://doi.org/10.6028/NIST.SP.800-63b
SP 800-63C | Federation and Assertions | https://doi.org/10.6028/NIST.SP.800-63c

Links to the online version of the SP
