How to configure BurpelFish

I was recently doing a pentest and continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds a Google Translate context option to your BurpSuite’s right click. When …

Code Itself Is a Growing Security Threat

As the pace of digitization across the global economy accelerates, companies are creating more and more software. This is putting greater pressure on internal teams to deliver on schedule, within budget and to stay ahead of security vulnerabilities. T…

Waving the White Flag: Why InfoSec should stop caring about HTTPOnly

As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk is second-nature to us. On one hand, we never want to undersell a risk, and have a client accept that r…

Once upon a time there was a WebSocket

This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the multitudes of evolving web app platforms built on a poorly understood tech…

It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m g…
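
The excerpt above stops before it explains the “not quite”. The following is an added example (not code from the linked post) that models how a browser applying Chrome 80’s default decides whether a cookie is attached to a cross-site request. It goes beyond the excerpt in two places, both from the SameSite specification and Chrome’s shipped behaviour rather than from the post: a cookie with an explicit SameSite=None is only accepted when it also carries Secure, and a Lax cookie is still sent on top-level navigations that use a safe method (GET, HEAD, OPTIONS, TRACE). The Set-Cookie header and the three request shapes are constructed for the demonstration.

```javascript
// Added example: model of Chrome 80 SameSite defaults, not the post's own code.

// Parse a single Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, value, attrs };
}

// Effective SameSite mode under Chrome 80 defaults:
//   - attribute absent or unrecognised -> 'Lax'  (the default the post refers to)
//   - SameSite=None without Secure     -> 'rejected' (Chrome 80 drops the cookie)
//   - Strict / Lax / None+Secure       -> as written
function effectiveSameSite(cookie) {
  const raw = cookie.attrs.samesite;
  if (raw === undefined || raw === true) return 'Lax';
  const mode = String(raw).toLowerCase();
  if (mode === 'none') return cookie.attrs.secure ? 'None' : 'rejected';
  if (mode === 'strict') return 'Strict';
  return 'Lax';
}

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// Decide whether `cookie` rides along on a request described by `req`:
//   req.crossSite - initiator site differs from the target site
//   req.topLevel  - a navigation (link click, address bar, form submission)
//   req.method    - HTTP method
// Note: Chrome also sends attribute-less cookies on top-level POST for two
// minutes after they are set ("Lax+POST"); this model deliberately omits that.
function cookieSent(cookie, req) {
  const mode = effectiveSameSite(cookie);
  if (mode === 'rejected') return false;
  if (!req.crossSite) return true;
  if (mode === 'None') return true;
  if (mode === 'Strict') return false;
  // Lax: only top-level navigations with a safe method carry the cookie.
  return Boolean(req.topLevel) && SAFE_METHODS.includes(req.method.toUpperCase());
}

// Constructed sample: a session cookie set with no SameSite attribute, as most
// legacy applications still do, so Chrome 80 treats it as Lax.
const session = parseSetCookie('session=abc123; Path=/; HttpOnly');

// Three constructed cross-site request shapes an attacker's page could issue.
const crossSiteForm = { crossSite: true, topLevel: true, method: 'POST' };  // classic CSRF form
const crossSiteLink = { crossSite: true, topLevel: true, method: 'GET' };   // link or window.location
const crossSiteXhr = { crossSite: true, topLevel: false, method: 'GET' };   // fetch/XHR subresource

// Summarise which of the three still reach the server with the session cookie.
function csrfSurface(cookie) {
  return {
    formPost: cookieSent(cookie, crossSiteForm),
    topLevelGet: cookieSent(cookie, crossSiteLink),
    subresource: cookieSent(cookie, crossSiteXhr),
  };
}

console.log(csrfSurface(session));
```

The output for the attribute-less session cookie is `{ formPost: false, topLevelGet: true, subresource: false }`: the Lax default blocks the classic cross-site POST form, but any state-changing endpoint reachable by a top-level GET navigation is still exposed, which is why the default alone does not retire CSRF defences such as anti-forgery tokens.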

Three C-Words of Web App Security: Part 3 – Clickjacking

This is the third and final part in this three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application histor…

Spring Break without Breaking the Bank: Hands On Training

Over the last eight years, one of the main focuses of Secure Ideas has been education. One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security. …

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, …

SamuraiWTF 4.0 Finally Released

In February of this year, Mic posted a blog discussing the future of SamuraiWTF. (You can go read it here if you don’t remember.) As we discussed then, the build process that has supported this project for the last decade is WAY too …

Security Boulevard’s 5 Most Read Stories for the Week, August 20-24

A new week, a new crop of security stories. Last week, malware complacency, Russian cyberspies, GDPR compliance and Mirai IoT malware made the headlines. In addition, we analyzed top security threats for web apps. Be sure to check Security Boulevard d…