<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>OWASP on BSG Blog — Cybersecurity Insights</title><link>https://bsg.tech/blog/tags/owasp/</link><description>Recent content in OWASP on BSG Blog — Cybersecurity Insights</description><generator>Hugo</generator><language>en</language><lastBuildDate>Sat, 02 May 2026 13:00:00 +0000</lastBuildDate><atom:link href="https://bsg.tech/blog/tags/owasp/index.xml" rel="self" type="application/rss+xml"/><item><title>LLM Penetration Testing: 2026 Methodology Guide</title><link>https://bsg.tech/blog/llm-penetration-testing-methodology/</link><pubDate>Sat, 02 May 2026 13:00:00 +0000</pubDate><guid>https://bsg.tech/blog/llm-penetration-testing-methodology/</guid><description>&lt;p&gt;LLM penetration testing is not a normal web-app pentest with a chatbot bolted on. The attack surface includes the prompt layer, model behaviour, retrieval (RAG), tool and agent invocation, and output handling — and the most damaging failures usually live in the seams between those layers.&lt;/p&gt;</description></item><item><title>API Security Testing: OWASP API Top 10 Walkthrough</title><link>https://bsg.tech/blog/api-security-testing/</link><pubDate>Wed, 14 Jan 2026 21:56:37 +0000</pubDate><guid>https://bsg.tech/blog/api-security-testing/</guid><description>&lt;h2 id="introduction"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;APIs (Application Programming Interfaces) have become the backbone of modern software architecture. From mobile apps to microservices, organisations rely on APIs to connect systems, share data, and deliver functionality. But this connectivity comes with risk.&lt;/p&gt;
&lt;p&gt;In 2026, APIs represent one of the most common attack vectors in web applications. According to industry data, 57% of organisations experienced an API-related data breach in the past year, with 73% of those facing three or more separate incidents. Major breaches continue to be traced back to insecure API endpoints.&lt;/p&gt;</description></item><item><title>OWASP LLM Top 10 (2025): Vulnerabilities &amp; Mitigations</title><link>https://bsg.tech/blog/owasp-llm-top-10/</link><pubDate>Mon, 12 Jan 2026 18:20:19 +0000</pubDate><guid>https://bsg.tech/blog/owasp-llm-top-10/</guid><description>&lt;p&gt;Every organisation seems to be integrating large language models into their products and workflows. Chatbots, code assistants, document analysers, customer service agents—generative AI is everywhere. But security hasn’t kept pace with adoption.&lt;/p&gt;
&lt;p&gt;OWASP recognised this gap and released a dedicated Top 10 for LLM Applications. Unlike traditional web vulnerabilities that developers have been battling for decades, LLM risks are fundamentally different. These systems process natural language, generate unpredictable outputs, and often have access to sensitive data and powerful actions. The attack surface is unlike anything we’ve seen before.&lt;/p&gt;</description></item><item><title>OWASP Top 10 2025: What Changed and Why It Matters</title><link>https://bsg.tech/blog/owasp-top-10/</link><pubDate>Mon, 12 Jan 2026 01:23:41 +0000</pubDate><guid>https://bsg.tech/blog/owasp-top-10/</guid><description>&lt;p&gt;The OWASP Top 10 is the definitive benchmark for web application security. The 2025 release brings the most significant changes in years: two entirely new vulnerability categories and major ranking shifts that reflect how modern attacks have evolved.&lt;/p&gt;
&lt;p&gt;These changes aren’t academic—they shape security policies, &lt;a href="https://bsg.tech/blog/penetration-testing/"&gt;penetration testing requirements&lt;/a&gt;, and development practices across the industry. Understanding what changed helps security teams prioritise resources and protect what matters most.&lt;/p&gt;</description></item><item><title>Unforgivable Software Vulnerabilities</title><link>https://bsg.tech/blog/unforgivable-software-vulnerabilities/</link><pubDate>Fri, 04 Apr 2025 16:27:14 +0000</pubDate><guid>https://bsg.tech/blog/unforgivable-software-vulnerabilities/</guid><description>&lt;p&gt;Every piece of software has bugs. Many have vulnerabilities. But not all software vulnerabilities are created equal.&lt;/p&gt;
&lt;p&gt;Some are complicated, buried deep in obscure logic, or made possible by bleeding-edge exploit techniques. Others—well, others are glaringly obvious. These are the ones that make security professionals shake their heads and ask: &lt;em&gt;How did this ever make it to production?&lt;/em&gt;&lt;/p&gt;</description></item><item><title>SAMMY: Free Tool to Implement OWASP SAMM Security</title><link>https://bsg.tech/blog/enhance-software-security-with-sammy-and-owasp-samm/</link><pubDate>Mon, 04 Nov 2024 16:48:46 +0000</pubDate><guid>https://bsg.tech/blog/enhance-software-security-with-sammy-and-owasp-samm/</guid><description>&lt;p&gt;In today’s rapidly evolving digital landscape, ensuring the &lt;a href="https://bsg.tech/blog/software-product-security-where-to-start/"&gt;security of software applications&lt;/a&gt; is paramount. The OWASP Software Assurance Maturity Model (SAMM) provides organizations with a structured framework to assess and enhance their software &lt;a href="https://bsg.tech/blog/cyber-security/"&gt;security practices&lt;/a&gt;. To effectively implement SAMM, organizations can leverage SAMMY, a comprehensive management tool developed by Codific.&lt;/p&gt;</description></item><item><title>BSG becomes an OWASP corporate member!</title><link>https://bsg.tech/blog/berezha-becomes-owasp-corporate-member/</link><pubDate>Tue, 08 Dec 2020 09:00:00 +0000</pubDate><guid>https://bsg.tech/blog/berezha-becomes-owasp-corporate-member/</guid><description>&lt;p&gt;&lt;a href="https://owasp.org"&gt;OWASP&lt;/a&gt; is the best-known global non-commercial organization dealing with software security. It was established in 2001 and has been publishing its famous application security risk rating – the OWASP Top 10 – since 2003. The number of OWASP initiatives and chapters is continuously growing, making it the leading contributor to application security methodologies and a prominent industry think tank.
Do you feel like Berezha Security has a strong connection with OWASP? That’s correct, and here’s why.&lt;/p&gt;</description></item></channel></rss>