The web app security consortium OWASP published the latest Testing Guide, a manual designed to teach developers how to build and maintain secure applications.

Web Testing Environment (WTE) project makes application security tools available to developers and QA testers. InfoQ caught up with WTE project lead Matt Tesauro to learn more about the project.

Security misconfiguration is a significant concern, in the OWASP Top 10. During our web application penetration tests, we often discover numerous vulnerabilities of this nature. According to OWASP, ...

OWASP ZAP (Zed Attack Proxy) is an open-source tool designed for finding vulnerabilities in web applications. It supports automated and manual testing, making it suitable for beginners and seasoned ...

Dynamic application security testing (DAST) tools assess the security of web applications by simulating external attacks. In this guide, we will survey the best DAST software on the market today.

The Open Web Application Security Project (OWASP) has published a new version of its infamous Top 10 vulnerability ranking, four years after its last update, in 2013.

As a long-time OWASP member and application security practitioner, I wanted to share my thoughts on how the newly released OWASP Web App Top 10 might impact or influence the updates to the API ...

Cycode SAST Leaves Competitors Behind with 94% Fewer False Positives in OWASP Benchmark Next-generation engine elevates Cycode’s Complete ASPM platform with industry-leading static code analysis ...