web app security – WindowsTechs.com

How to configure BurpelFish

Posted on July 27, 2021 by Alex Rodriguez

I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds a google translate context option to your BurpSuite’s right click. When … Continue reading How to configure BurpelFish→

Code Itself Is a Growing Security Threat

Posted on May 28, 2021 by Marcos Christodonte II

As the pace of digitization across the global economy accelerates, companies are creating more and more software. This is putting greater pressure on internal teams to deliver on schedule, within budget and to stay ahead of security vulnerabilities. T… Continue reading Code Itself Is a Growing Security Threat→

Waving the White Flag: Why InfoSec should stop caring about HTTPOnly

Posted on July 20, 2020 by Mic Whitehorn-Gillam

As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk is second-nature to us. On one hand, we never want to undersell a risk, and have a client accept that r… Continue reading Waving the White Flag: Why InfoSec should stop caring about HTTPOnly→

Once upon a time there was a WebSocket

Posted on March 20, 2020 by Jason Gillam

This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the multitudes of evolving web app platforms built on a poorly understood tech… Continue reading Once upon a time there was a WebSocket→

It’s Okay, We’re All On the SameSite

Posted on February 4, 2020 by Cory Sabol

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m g… Continue reading It’s Okay, We’re All On the SameSite→

Spring Break without Breaking the Bank: Hands On Training

Posted on November 27, 2018 by Kevin Johnson

Over the last eight years, one of the main focuses of Secure Ideas has been education. One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security. &… Continue reading Spring Break without Breaking the Bank: Hands On Training→

Three C-Words of Web App Security: Part 2 – CSRF

Posted on October 24, 2018 by Mic Whitehorn-Gillam

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, … Continue reading Three C-Words of Web App Security: Part 2 – CSRF→

SamuraiWTF 4.0 Finally Released

Posted on October 22, 2018 by Kevin Johnson

In February of this year, Mic posted a blog discussing the future of SamuraiWTF. (You can go read it here if you don’t remember). As we discussed then, the build process that has supported this project for the last decade is WAY too … Continue reading SamuraiWTF 4.0 Finally Released→

Security Boulevard’s 5 Most Read Stories for the Week, August 20-24

Posted on August 27, 2018 by Saleem Padani

A new week, a new crop of security stories. Last week, malware complacency, Russian cyberspies, GDPR compliance and Mirai IoT malware made the headlines. In addition, we analyzed top security threats for web apps. Be sure to check Security Boulevard d… Continue reading Security Boulevard’s 5 Most Read Stories for the Week, August 20-24→