Tag Archives: security practices

Security Misconfiguration Example – Upwork

In this post, you will see an example of security misconfiguration, which is one of the top 10 security vulnerabilities as per the OWASP Top 10. What does security misconfiguration mean? Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc. to gain unauthorized access to or knowledge of the system. In this post, you will see an example of unauthorized knowledge of the system.

Security Misconfiguration Example

This morning, I was checking Upwork.com when I saw this message as I tried to log in. Take a look at the exceptions and stack trace. Using the above, I could extract some …

Posted in Application Security.

Angular – Top 10 Security Best Practices vis-a-vis Security Risks

Are you concerned about security vulnerabilities in your Angular app? Have you been wondering whether one or more of your Angular apps are at security risk? Your worries regarding potential security bugs in your Angular apps are well justified, given the security threats to web apps in general. This article will help you learn some of the top security best practices for your Angular apps. Some of these best practices may also be applied to earlier versions of AngularJS. We shall refer to the security best practices in relation to some of the OWASP Top 10 security vulnerabilities. Some of the recommendations include out-of-the-box support from Angular utilities such as DomSanitizer and HttpClient, part of Angular 2, Angular 4 and Angular 5. Quick Recall …

Posted in AngularJS, Application Security, UI, Web.

Top 5 Secured Application Development Practices

Following are the top 5 areas to consider while setting up secured application development practices:

Security Training: Developers have to be given continuous training on application security. In this regard, the OWASP Top 10 security recommendations are of great help and a great place to start. They are primarily applicable to web applications; however, most of them also apply to applications in general. Security training is applicable to all stakeholders of the project, including business analysts, project managers, architects, developers and testers.

Threat Modeling: This is the most important aspect of all. It primarily consists of the following important steps: Threat classification: Following are some of the key threats one can …

Posted in Application Security.