In March of this year, OWASP released their 2016 edition of the Mobile Top Ten. Now that organizations have had some time to get acclimated to it, I wanted to provide some of my thoughts on it.

OWASP got this one right. I...

2016 OWASP Mobile Top 10 Vulnerabilities

by Dinesh Shetty on November 4, 2016 at 9:21 AM

Do you think mobile vulnerabilities are so different from web vulnerabilities that they warrant their own list?

While vulnerabilities are often similar across the various computing platforms, each has unique idiosyncrasies,...

A CISO's Guide to Application Security

by Danny Harris on August 11, 2016 at 8:53 AM

CISO Executive Summary

Application security differs in a number of ways from IT security, Network Security, and Information Security, so standard solutions from those domains don’t necessarily address the challenges of...

OpenSAMM Benchmark Initiative

by Zak Dehlawi on April 23, 2015 at 3:52 PM

Security Innovation is very excited to be part of the consortium of AppSec vendors that are working to create a dataset of organizational security maturities.

PHP is the most commonly used web application framework and the level of security it provides is often debated. However, what is factual is that it has no default security mechanism. Identical PHP applications are often...

The OWASP Top 10, From Break to Build

by Jason Taylor on December 8, 2011 at 9:49 AM

The OWASP Top Ten List is one of the best informal standards and guidelines for web application security -- it is a listing of common threats that result from weak design or implementation activities during software...

The following list is a summary of the recommended controls in the OWASP Top 10 2010 document. OWASP has become the de facto international standard body in the field of Web Application Security. The recommendations below...