owasp Archives - ITNotes

Threat Modeling with STRIDE: Analyze Security Risks Before Writing a Single Line of Code

May 29, 2026

STRIDE threat modeling helps you identify security risks in web apps and APIs before writing code — catching authentication flaws, privilege escalation, and data leaks at the design stage. This guide walks through practical tools like OWASP Threat Dragon and pytm, with real examples for REST API architectures.

Security

How to Protect Web Apps from XSS and CSRF Vulnerabilities: A Production Retrospective

March 23, 2026

After six months hardening a production web app against XSS and CSRF attacks, this guide covers what actually works: output encoding, nonce-based CSP, CSRF tokens, SameSite cookies, and security headers — with practical Python and Nginx code examples.

DevOps

Integrating OWASP Dependency-Check into Your CI/CD Pipeline for Stronger Security

March 21, 2026

Learn how to integrate OWASP Dependency-Check into your CI/CD pipeline to automate the detection of known vulnerabilities in your project's dependencies. This tutorial covers setup, configuration, and practical examples for building a robust software supply chain.

Security

Securing LLM-Powered Applications: OWASP Top 10 for LLMs Explained

March 15, 2026

The OWASP Top 10 for LLMs lists the ten most critical security risks for AI-powered applications. This guide walks through prompt injection, insecure output handling, sensitive data leaks, and excessive agency — with practical Python code you can apply immediately to harden your LLM-powered app.