Learn the right steps to integrate E2E and application security testing in this blog with actual project examples.
Code review is essential to application security, because even the smallest flaw has the potential for abuse.
Wait…What??? Don’t AppSec and securing Apps mean the same thing? Well, yes, I used to think so too!!
Learn the basics of how to identify and exploit an SSTI (server-side template injection), along with a few remediation suggestions.
Here is our compilation of what we’d like to call The Top 7 Myths of AppSec Automation, for everyone who is currently involved in, or about to adopt, DevSecOps.
Penetration testers are no longer expected just to run tools, but also to find ways to automate them, saving critical effort and bandwidth; custom scripts are one such approach.
Here are a few impressions from the AppSec Cali event, and what the state of things to come in application security looks like.
CSRF flaws are fixed in many ways depending on the application architecture, but three of the approaches developers use most often are not as effective as they appear.
The OWASP Top 10 2017: these are the changes between the previous OWASP Top 10 2013 and today’s “Golden Master” version of the OWASP Top 10 2017.
Here are three major ways to equip engineering teams with the skills and strategies that improve application security in a self-sustaining manner.
Here are four customized scripts, written in Python, which generate payloads for performing customized attacks against web applications and web hosts.
“Security in DevOps” is the need of the hour. Security scanning tool and aggregation platform vendors are beating the drums on how their platforms bake security into the development pipeline.
The WannaCry Attack has made waves across technologists and non-tech folks alike, and has made several folks definitely wanna cry, as they see their critical data encrypted and completely unavailable.
The OWASP Top 10 is important for many reasons. In our opinion it has highlighted and captured several key elements of information security that are relevant for today’s apps. Let’s take a look at some key changes in OWASP Top 10.
Learn and understand with us how languages, platforms and their frameworks can facilitate security and its implementation.
As always happens with a disruptive shift in IT, security is usually forgotten, and DevOps practices are no exception. Learn remediations from our real-world case studies.
AngularJS expands the attack surface of an application significantly, hence developers need to know about the latest bypasses and build the necessary remediation in their applications.
We crunched some numbers and I have tried to drill down to the 3 Most Resistant Application Security Vulnerabilities, from January of 2015 to the present day.
There are three critical things that organizations miss when trying to fix application security. Learn about all three in this AppSec blog.
Your organization has a bunch of APIs or services that it hasn’t even looked at from a security testing standpoint, and that’s dangerous. Let’s delve into three ways you can win with API security testing.
DevSecOps, like security (and almost everything else), rests on the familiar triad of technology, people and process. The pillar making the most noise is the technology side of security automation: the scanners and the tooling platforms.
We’ve identified some simple yet effective security practices for Docker deployments. We will follow some of these areas through more granular articles, but this is a good starting point for one to consider when looking at security for container deployments.
We have been automating tools to increase their efficiency drastically and to make it a lot easier to integrate them into the DevOps cycle. To automate or customize something, you need to understand how it works, so that you know exactly what it is that you’re changing.
Why do companies tend to ignore security threats and bugs? Reaching the right people, at the right time, with the right tone seems to be the key to getting cybersecurity threats taken seriously.
Web and mobile applications are very alluring to organizations. Ironically, the same reasons make them a security risk: unauthorized users can gain quick and effortless access to data. Learn about the remedies here.
One of the most popular token formats for authenticating stateless web services is the JWT (JSON Web Token). A JWT removes the need to issue and maintain a server-side “session token”, because the signed claims travel with the request. This article quickly explains how that works.
Learn about my key takeaways from OWASP AppSec USA in this article.
Over the years, web scraping has become much easier. This technology is more accessible than ever, and it’s big business in its own right. It can be a serious problem in any content-driven app, and you need to treat it seriously as an integral part of your security program. Let’s explore some of the security issues in this article.
This blogpost has been written in the wake of the potentially earth-shattering discovery of security vulnerabilities in some key Java libraries. In case you are unaware of these security issues, you must read it here in detail.
Based on our own efforts in penetration testing and security research, we see the following changes that we believe have either become, or are fast becoming, game changers in application delivery, and therefore in application security.
Most sites that claim to be “great at security” do a really bad job of protecting stored passwords cryptographically. Some of them use poor-quality encryption where a proper password hash belongs. Read the full article to learn more.
Of the last 20 penetration tests that our company has performed, NTP attacks featured in 15 or more. That’s at least a 75% hit rate, and that’s pretty significant.
Security unfortunately does not have much of a place in the boardroom of the average company. Here are three reasons why information security must occupy a seat at your next boardroom discussion.
PCI-SSC released a document detailing guidelines for penetration testing, specifically from the perspective of PCI DSS compliance. Penetration testing had become a major grey area for several companies, especially after PCI DSS v3.0.
A real-life security breach case study: how organizations were hacked, and why. The reasons will shock you.
My analogy of a Master Health Check-up can be applied to the information security program of organisations I would like to call the ‘First Timers’.
Retail attacks and retail malware is a serious issue in the industry. However, solutions to these problems are well within reach and in the realm of practicality.
Card breaches have been the central discussion point of many a portal on the "interwebs". RAK Bank in the UAE reported a credit card fraud amounting to about $45 million on their prepaid cards. The story became viral almost as soon as it was known.
Learn from this case study about how we hacked an online voting system platform in order to rectify a hack.