OWASP Top 10 2021 - What's New

My presentation on OWASP IL Meetup and on the Application Security Meetup. OWASP Top 10 is the most successful OWASP Project It shows ten most critical web application security flaws. Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it. Do not forget to The presentation:

How to reset Two-Factor WebAuth

What will I cover in this post? In my previous post I have described Two-Factor Authentication with WebAuth. But what should you do when a user replaces WebAuthn device? In this post, we will learn how to reset WebAuthn for a specific user. In addition, we will see how to revert the WebAuthn configuration for all users. Reset WebAuthn for a specific user If a user replaces WebAuthn device he /she will not be able to login and will see the following error:

Two-Factor Authentication with Keycloak WebAuth

What will I cover in this post? We will learn how to configure Two-Factor Authentication with Keycloak WebAuth. In this post, I plan on: Explaining what is WebAuth Explaining how to configure WebAuth in Keycloak Do not forget to follow me on Twitter What is WebAuth? WebAuthn is the standard recommended by FIDO Alliance and W3C. WebAuthn defines a standard web API that gives users new methods to securely authenticate.

Preventing OWASP A4 XML External Entities (XXE) in a better way

XML External Entities (XXE) is a dangerous vulnerability, currently ranked fourth (A4) in the OWASP Top Ten. Resolving this vulnerability should be a high priority for all Java developers. In this presentation, presented by Anat Mazar (https://www.linkedin.com/in/anat-mazar/) and Michael Furman (https://www.linkedin.com/in/furmanmichael/) on the OWASP meetup we will Demonstrate why XXE is so dangerous Show you how this vulnerability is typically resolved – in each and every place in the code that you parse an XML file Show you the better resolution – set a couple of system Java system properties once, and never worry about XXE again.