Feedback from an Application Pentest
I have recently completed penetration testing of a SAP portal application for a customer. It was a short (5-day) assignment which required execution of a tool-supported automated pentest (with IBM...
Secure Software Development with SAMM
SAMM (Software Assurance Maturity Model) is an OWASP project that provides a well-structured strategy and guidelines for integrating security into software development processes. In the 7th issue of...
Secure Coding Guidelines for Java
I have published a Turkish article about secure coding guidelines for Java within the OWASP-Turkey documents. The article aims at helping IT architects and developers understand the main security...
Book Review: Architecting Secure Software Systems
I have recently completed the review of the book “Architecting Secure Software Systems” for the IACR (International Association for Cryptologic Research) book review program. The review can be summarized...
Book Review: Secure and Resilient Software Development
I have completed the review of the book “Secure and Resilient Software Development” for the IACR (International Association for Cryptologic Research) book review program. The review can be summarized as...
Privacy Violations – 1 (Mahremiyet İhlalleri)
The privacy of personal information is, as in many places in the world, unfortunately a matter that receives little attention in Turkey as well and is easily compromised. Privacy awareness across society...
Web Application Security Checklist, version 2
In 2010 OWASP-Turkey published a checklist for web application security which provides various security controls for web application developers and system administrators. It was planned to create the...
The Web Application Security Checklist in English
In my previous post, I mentioned the web application security checklist for auditors. The checklist has now been translated into English. For the details, see the Google project site.
Privacy Violations – 2 (Mahremiyet İhlalleri)
In this post I want to continue with the topic of privacy violations. This time the violation was committed by the Revenue Administration (Gelir İdaresi Başkanlığı), which is attached to the Ministry of Finance. This government institution ran an online...
Pentesting of Authentication Bypass via SQL Injection with Burp Suite Intruder
A login process containing an SQL injection vulnerability can be bypassed by attackers. They need to manipulate the username or password parameters and thus gain access to the application (even as administrator)...