Hardening Apache APISIX With the OWASP’s Coraza and Core Ruleset

The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.

OWASP website

OWASP Top 10 API Security

I am sure that almost all of you are aware of OWASP. But, just for context, let me briefly introduce it.

OWASP is an international non-profit organization that is dedicated to web application security. It is a completely open-source and community-driven effort to share articles, methodologies, documentation, tools, and technologies in the field of web application security.

10 Node.js Security Practices

Web application security is rapidly becoming a major concern for companies as security breaches are becoming expensive by the day. The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to web security. OWASP has put together a regularly updated list of the top ten web application security risks.

In the course of this article, we will examine the ten secure practices in Node.js which are in line with the OWASP top 10 web application security risks.

Automate ZAP Security Tests With Selenium Webdriver

OWASP ZAP (Zed Attack Proxy) is an open-source and easy-to-use penetration testing tool for finding security vulnerabilities in web applications and APIs. As a cross-platform tool with just a basic Java installation prerequisite, it provides vulnerability scanning for beginners and penetration testing for professionals. It can be downloaded and installed as a standalone application or Docker image.

Additionally, the OWASP community has exposed ZAP APIs, which allow ZAP to integrate with other tools/frameworks.

OWASP ServerlessGoat: Learn Serverless Security By Hacking and Defending

Deliberately vulnerable applications have gained popularity in recent years for the purpose of learning and demonstrating application security concepts. Years ago, OWASP launched the WebGoat project, which has since become the gold standard and to this day is still one of the most popular platforms for teaching web application security.

The Open Web Application Security Project (OWASP) recently launched the serverless counterpart to WebGoat, named ServerlessGoat, which was contributed by serverless security vendor PureSec.