(OWASP) has released the first draft of the 2007 edition of the Ten Most Critical Web Application Security Vulnerabilities. Over the years, this document has turned into a de facto web application vulnerability checklist.

Ever wondered how could you find all the sub-domain hosts starting your search just from the domain name ?

Java Source Code Audit tools

Because a lot of web applications rely on the session id for all the authentication and authorization , knowing the strength of the algorithm behind the session ID generation is essential.

The first step is to decompile the .swf file and extract as many resources as possible.

Testing Fault Injection in Local Applications proves to be a great resource for describing the local resources and interprocess communication,

Anti-Spyware program for Mac OS X, MacScan. Version 2.3 adds a blacklisted cookie scanner.

These are the best online resources in web application security :

OWASP is happy to announce the first release of OWASP Pantera - Web
Assessment Studio. Pantera is a mix between a pentest proxy, an application
scanner, and an intelligent analysis framework. Pantera’s goal is to leave
the analysis and automatic (repetitive) stuff to the engine, leaving only
the important decisions to the security expert.
Great tool !
OWASP Pantera Web […]

The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source.
OWASP has released the Security Testing Guide v2 .At 270 pages, this guide is already a must-have for most developers and penetration/application testers, but we want to take it one step […]