The Top Web Application Vulnerabilities and How to Hunt Them Down at the Source
It is a vital, if somewhat daunting, task to identify and eliminate critical vulnerabilities in applications that expose vital data and systems to the World Wide Web. The only way to truly eliminate these vulnerabilities is for developers, QA specialists and others to understand the coding errors, configuration issues, and design flaws that introduce application security risk into an organization.
This paper will discuss methods to efficiently locate, understand, and eliminate the Dirty (Baker's) Dozen: the thirteen most common coding defects and software design flaws within the source code itself. Additionally, this paper explores the techniques available to achieve this level of insight, including penetration testing, manual code review, and source code analysis.