AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak

These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world.

Businesses are scrambling to stay afloat and are forced to move digital in a very short span of time without…

How I Became a Security Consultant: AbsoluteAppsec Interview

Every so often, podcasts and such will invite me to speak on a variety of topics. And this week, I was very excited to join @cktricky and @sethlaw on the Absolute AppSec podcast. I have known Ken for years, and he is one of the people that I admire. So…

Once upon a time there was a WebSocket

This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the multitudes of evolving web app platforms built on a poorly understood tech…

Increase web application security without causing any user disruption

In this podcast recorded at RSA Conference 2020, Jason A. Hollander, CEO, and Paul B. Storm, President at Cymatic, talk about how their platform builds a defensible barrier around the user, so web-based threats can be stopped at the source. Here’s a tr…

Building Blocks: Professionally Evil Fundamentals Series

We at Secure Ideas love security education. What we enjoy even more is affordable security education. So we decided to start a Professionally Evil Fundamentals Video series. These are short definition videos related to information security and penetrat…

Why Businesses Should Consider Managed Cloud-Based WAF Protection

The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber…

It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m g…

Evolving Threat series — Mining patterns to assess Insider Attacks (Part 3)

In the previous post we examined a few of the published insider attacks over the current decade. In this post we attempt to mine, extract and classify patt…

What Website Owners Should Know About Terms and Conditions

All website owners should consider terms and conditions (T&Cs) to be a form of legal protection as they establish the responsibility and rights of the involved parties. T&Cs provide full security should anything go amiss and they also help you …

Preventing Server Side Request Forgery (SSRF)

Reflecting on 2019: It’s just a few days from Christmas and not long until we bid farewell to 2019 and ring in the new year. It’s a time when we reflect on the past year, and in the world of…