The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform's authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
When it comes to secure database access, there's more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
Defining your security requirements is the most important proactive control you can implement for your project. Here's how.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.