westurner 24 days ago [-]
"OWASP Top 10 Most Critical Web Application Security Risks" https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...

> A1:2017-Injection, A2:2017-Broken Authentication, A3:2017-Sensitive Data Exposure, A4:2017-XML External Entities (XXE), A5:2017-Broken Access Control, A6:2017-Security Misconfiguration, A7:2017-Cross-Site Scripting (XSS), A8:2017-Insecure Deserialization, A9:2017-Using Components with Known Vulnerabilities, A10:2017-Insufficient Logging&Monitoring

"OWASP Top 10 compared to SANS CWE 25" https://www.templarbit.com/blog/2018/02/08/owasp-top-10-vs-s...

fulafel 24 days ago [-]
Robust confidentiality against traffic analysis is one.
juansgaitan 24 days ago [-]
Can you explain what you mean by "confidentiality against traffic analysis"?
fulafel 24 days ago [-]
TA is a tern of art in crypto. It means you can deduce what the parties are communicating and who they are by statistically analysing the sizes, timings and addresses of messages. In practice - it's easy for an eavesdropper to see you are using Gmail, and also possible to deduce whether your email content matches some known messages the eavesdropper possibly has seen before. Etc. One widely known tech that tries to mitigate TA is Tor.
codegladiator 24 days ago [-]
Do you mean like credit card number ?
juansgaitan 24 days ago [-]
Could be. What do we need to ensure credit card number security for example?
cableshaft 22 days ago [-]
Don't ask for one is by far the best way.

If you absolutely need to do credit card payments, then consider using a third party system to handle it (like Stripe).