Top "Owasp" questions

The Open Web Application Security Project (OWASP) is an organization that wants to inform people about application security.

PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the man pages correctly?

I did a lot of searching and also read the PHP $_SERVER docs. Do I have this right regarding which …

php apache security owasp
What is "X-Content-Type-Options=nosniff"?

I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message: The Anti-MIME-Sniffing …

html http-headers meta owasp penetration-testing
Why is it common to put CSRF prevention tokens in cookies?

I'm trying to understand the whole issue with CSRF and appropriate ways to prevent it. (Resources I've read, understand, and …

security cookies web csrf owasp
CSRF (Cross-site request forgery) attack example and prevention in PHP

I have a website where people can place a vote like this: http://mysite.com/vote/25 This will place a …

php csrf owasp
Where can I find ESAPI.properties?

I am trying to use the OWASP ESAPI library in my web app to escape request parameters in JSPs as below ESAPI.…

java escaping owasp esapi
Adding authentication in ZAP tool to attack a URL

How to pass authentication details to the ZAP tool to scan the website. Please help me to solve the problem.

authentication session owasp zap penetration-testing
HTML-Entity escaping to prevent XSS

I have some user input. Within my code, I ensure that the following symbols are escaped: & -> &…

java html escaping xss owasp
How can I set the 'secure' flag for cookies in an ASP.NET MVC website?

I have set the following in web.config: <system.web> <httpCookies httpOnlyCookies="true" requireSSL="true" /> </…

asp.net asp.net-mvc security cookies owasp
CSRF, XSS and SQL Injection attack prevention in JSF

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent …

jsf xss sql-injection csrf owasp
iOS certificate pinning with Swift and NSURLSession

How to add certificate pinning to an NSURLSession in Swift? The OWASP website contains only an example for Objective-C and NSURLConnection.

ios swift ssl owasp pinning