WebAPI: The API Security Problem
(Note: If you'd like more on the OWASP API Top 10 then take a look at my Pluralsight course on OWASP Top 10: API Security Playbook [https://pluralsight.pxf.io/o2z3o]) There are many things on the internet that don’t get
Pluralsight: OWASP API Top 10: Broken User Authentication
This is the second entry in the OWASP API top 10 (API2:2019) [https://owasp.org/www-project-api-security/]. In my development career, implementing authentication was always something I feared. It's an important part of an API and implementing something like OAuth 2.0
Security: Defending from Forced Browsing…good reasons not to just hide restricted content
Secure coding to protect against forced browsing. Strong defences against forced browsing require controls such as Role-Based Access Control. Here we explain how to mount a good defence!
Agile: Who can Perform a Secure Code Review?
You need to pick the right person for a job. Here's how to find the right person for a secure code review.
Security: Defence Against SQL Injection
How do you defend against SQL Injection? Have you only got one or two defences in place? Cover yourself from multiple angles and perhaps help your overall security stance too!