Channel: Architecting Security
Browsing all 10 articles

Feedbacks from Application Pentest

I have recently completed penetration testing of an SAP portal application for a customer. It was a short-term (5 days) assignment which required execution of a tool-supported automatic pentest (with IBM...


Secure Software Development with SAMM

SAMM (Software Assurance Maturity Model) is an OWASP project that provides a well-structured strategy and guidelines for integrating security into software development processes. In the 7th issue of...


Secure Coding Guidelines for Java

I have published a (Turkish) article about secure coding guidelines for Java within the OWASP-Turkey Documents. The article aims at helping IT architects and developers to understand the main security...


Book Review: Architecting Secure Software Systems

I have recently completed the review of the book “Architecting Secure Software Systems” for the IACR (International Association for Cryptologic Research) book review program. The review can be summarized...


Book Review: Secure and Resilient Software Development

I have completed the review of the book “Secure and Resilient Software Development” for the IACR (International Association for Cryptologic Research) book review program. The review can be summarized as...


Privacy Violations – 1 (Mahremiyet İhlalleri – 1)

The privacy of personal information is, as in many places around the world, unfortunately a matter that receives little attention in Turkey as well and is easily compromised. Across society in general, privacy awareness...


Web Application Security Check List, version 2

In 2010, OWASP-Turkey published a check list for web application security which provides various security controls for web application developers and system administrators. It was planned to create the...


The Web Application Security Check List in English

In my previous post, I mentioned the web application security check list for auditors. The check list has now been translated into English. For the details, see the Google project site.


Privacy Violations – 2 (Mahremiyet İhlalleri – 2)

In this post I would like to continue with the topic of privacy violations. This time the violation was committed by the Revenue Administration (Gelir İdaresi Başkanlığı), which reports to the Ministry of Finance. This government agency, in an online...


Pentesting of Authentication Bypass via SQL-Injection with Burpsuite Intruder

A login process containing an SQL injection vulnerability can be bypassed by attackers. They need to manipulate the username or password parameters and thus gain access to the application (even as administrator)...
