Search results
Results From The WOW.Com Content Network
OWASP Development Guide: The Development Guide provides practical guidance and includes J2EE, ASP.NET, and PHP code samples. The Development Guide covers an extensive array of application-level security issues, from SQL injection through modern concerns such as phishing, credit card handling, session fixation, cross-site request forgeries ...
ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP ...
ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic.
Countermeasures are included in the form of actionable tasks for developers that can be tracked and managed across the SDLC. [23] OWASP Threat Dragon is a modeling tool used to create threat model diagrams as part of a secure development lifecycle. Threat Dragon follows the values and principles of the threat modeling manifesto.
A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration. [1]
In the software development life cycle (SDLC), SAST is performed early in the development process and at code level, and also when all pieces of code and components are put together in a consistent testing environment. SAST is also used for software quality assurance, [2] even if the many resulting false positives impede its adoption by ...
The categories are: Damage – how bad would an attack be?; Reproducibility – how easy is it to reproduce the attack?; Exploitability – how much work is it to launch the attack?
Cross-site scripting (XSS) [a] is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.