How to prevent SQL injection

Despite being one of the oldest known web application attacks, SQL injections continue to feature in data breach headlines, from MOVEit Transfer to Zendesk and beyond. This article discusses ways of preventing SQL injection vulnerabilities to make sure incoming attack payloads can’t get a foothold in your systems.

Is Your Web Vulnerability Scanner Approved by PCI?

Is the web vulnerability scanner you are using approved by PCI? This article talks about PCI and PCI DSS and explains why automated software used in PCI DSS compliance audits, such as an automated web vulnerability scanner and web security scanner cannot be approved by PCI.

Complete beginner’s guide to web application security

Working in QA? Take your Web Application Security Testing to the Next Level

As a QA professional, you are in a perfect position to add much more value to the web application security testing and vulnerabilities detection processes. Read more and learn what you can do to improve your testing skills and start incorporating more complete web application security tests in your normal QA tests.

The Importance of Planning out Web Application Security Testing

This article explains how to plan a web application vulnerability detection program to ensure that all vulnerabilities in your business web applications are identified and closed. It also explains what are the basic building blocks for a successful web security assessment.

What Changed and What you need to know about PCI DSS 3.0

The new PCI DSS version 3.0 guidelines will take effect on the 1st of January 2014 but will only be forced in 2015. Still, 1 year passes by so quickly so read this document to see what changed and what is new in the new PCI DSS 3.0 guidelines and check how it might impact your business and the security of your websites and web applications.

Why You Should Run Authenticated Web Security Scans

Do you scan all sections of your web applications, including the authenticated sections? In this blog post you will find a number of reasons why you and every other web security expert and penetration testers should run authenticated web application security scans.

PCI Compliance – The Good, The Bad, and The Insecure – Part 2

In this second part of the compliance article, the author explains in detail how each and every category in the PCI DSS requirements should be dealt with to ensure that your websites, web applications and also business are operating securely. This is the definitive guide to PCI DSS compliance every business and organization should read.

PCI Compliance – The Good, The Bad, and The Insecure

In this first part of a two part article about PCI compliance and web application security, the author looks into the history of compliance, rules and regulations and explores the common shortcomings of such rules. The author also explains why there are such shortcomings and explains that by being compliant, does not necessarily mean having secure web applications.

How to evaluate web application security scanners

Top 10 Mistakes when Performing a Web Vulnerability Assessment

In Information Technology there are numerous mistakes, oversights, and blunders that are repeated consistently day after day. But given what there is to lose when it comes to web application security, why not learn from the mistakes of others so you don’t get burned? This blog post lists the top 10 mistakes typical web application security experts do and that you need to be aware of when seeking out the real business risks in your web vulnerability assessments:

14 years of SQL injection history and still the most dangerous vulnerability

Getting developers on board to transition from part of the problem to part of the process

Are your web application developers key players in the web application security equation? They are often the unsung heroes who help prevent many security problems from ever occurring, or closing down web vulnerabilities once identified. Yet in the real world they are often portrayed as a large part of the security problem. It doesn’t have to be that way.