AppSec Blog: Category - Architecture

Safer Software through Secure Frameworks

We have to make it easier for developers to build secure apps, especially Web apps. We can't keep forcing everybody who builds an application to understand and plug all of the stupid holes in how the Web works on their own - and to do this perfectly right every time. It's not just wasteful: it's …


Agile Security for Product Owners - Requirements

Much of the cumulative application security knowledge and tooling is aimed at detection, rather than prevention, of vulnerabilities. This is a natural consequence of the fact that the primary job of many information security analysts is to look for security vulnerabilities and provide high-level remediation suggestions rather than be involved in detailed remediation efforts. Another …


Four Attacks on OAuth - How to Secure Your OAuth Implementation

This article briefly introduces an emerging open-protocol technology, OAuth, and presents scenarios and examples of how insecure implementations of OAuth can be abused maliciously. We examine the characteristics of some of these attack vectors, and discuss ideas on countermeasures against possible attacks on users or applications that have implemented this protocol. An Introduction to the …