Tag feed

#owasp

225 posts20 followers

Explore Hashnode

Alternatives

Trending tags this week

AAAevris AIaevris-mcp.hashnode.dev35m ago · 16 min read

AEVRIS and the OWASP LLM Top 10 (2025): An Honest Capability Map

The OWASP Top 10 for Large Language Model Applications (2025 edition) is the most widely referenced framework for understanding AI application security risks. It is the document security teams use to

0

MNMilan Nikicsecuritydepth.hashnode.devJun 22 · 27 min read

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 2)

Part 1 covered horizontal privilege escalation, where users access resources that belong to other users at the same privilege level. We walked through IDOR vulnerabilities in path parameters, query pa

0

SKSreeram K Scode-as-a-story.hashnode.devJun 20 · 6 min read

What is XSS (Cross-Site Scripting)?

Story Time Imagine your office has a public notice board where anyone can walk up and pin messages like “Team lunch at 1 PM” and “Meeting moved to 3 PM”. Everyone trusts this board and whatever is wri

0

MNMilan Nikicsecuritydepth.hashnode.devJun 16 · 21 min read

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 1)

Broken Access Control sits at the top of the OWASP Top 10 2025, and that ranking tells an important story. Authentication answers a simple question: who is this person? Authorization answers a harder

0

NDNAS Digitalnasdigital.hashnode.devJun 12 · 8 min read

Your Semantic Kernel Agent Has a CVSS 10.0 Vulnerability — And the Patch Doesn't Fully Fix It

On 7 May 2026, Microsoft disclosed two critical vulnerabilities in Semantic Kernel, the official .NET framework used to build AI agents and LLM-powered applications. One was assigned a CVSS score of 1

0

RRayhanrayhan-engineering.hashnode.devJun 4 · 7 min read

Advanced Security Testing in SIBANGKU: Finding CSV Formula Injection Before It Reached Users

Unit tests are good at checking whether internal logic behaves correctly. But not every risk in a web application is visible from ordinary unit tests. In the SIBANGKU project, I learned this through t

0

HKHammad Khanhammad-khan.hashnode.devMay 22 · 10 min read

CSRF Double-Submit Cookies: The Underrated Defense for Same-Origin SaaS

The first time a pen tester filed a CSRF finding against a portal I owned, my reaction was the same as everyone else's: "We're SameSite=Lax. Aren't we fine?" We weren't fine. And the fix wasn't the fr

0

FSFarouq Serikifasthedeveloper.hashnode.devMay 16 · 38 min read

OWASP Mobile Top 10 for React Native Fintech Apps: A Practical Implementation Checklist

TL;DR The OWASP Mobile Top 10 isn't abstract theory — it's the exact list pen testers use to fail your app. Here's the cheat sheet: M1 — stop storing tokens in AsyncStorage, use Keychain/Keystore. M2

0

HKHammad Khanhammad-khan.hashnode.devMay 16 · 8 min read

CSP Headers in Practice: Lessons From a Real Security Audit Pass

CSP Headers in Practice: Lessons From a Real Security Audit Pass The first time I deployed a strict Content Security Policy in production, the application broke in three places nobody had ever thought

0

MBMouhamed Ben Abdallaherinmin-writeups.hashnode.devMay 12 · 8 min read

Unprotected Admin Functionality

Platform: PortSwigger Web Security Academy Category: Access Control / Vertical Privilege Escalation Difficulty: Apprentice Tool(s): Browser only Date: 12/05/2026 Overview This lab demonstrates a ver

0

#owasp

Search Hashnode

#owasp

Explore Hashnode

Trending tags this week

AEVRIS and the OWASP LLM Top 10 (2025): An Honest Capability Map

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 2)

What is XSS (Cross-Site Scripting)?

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 1)

Your Semantic Kernel Agent Has a CVSS 10.0 Vulnerability — And the Patch Doesn't Fully Fix It

Advanced Security Testing in SIBANGKU: Finding CSV Formula Injection Before It Reached Users

CSRF Double-Submit Cookies: The Underrated Defense for Same-Origin SaaS

OWASP Mobile Top 10 for React Native Fintech Apps: A Practical Implementation Checklist

CSP Headers in Practice: Lessons From a Real Security Audit Pass

Unprotected Admin Functionality