Once upon a time there was a WebSocket

This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the multitude of evolving web app platforms built on a poorly understood tech…

Increase web application security without causing any user disruption

In this podcast recorded at RSA Conference 2020, Jason A. Hollander, CEO, and Paul B. Storm, President at Cymatic, talk about how their platform builds a defensible barrier around the user, so web-based threats can be stopped at the source. Here’s a tr…

Building Blocks: Professionally Evil Fundamentals Series

We at Secure Ideas love security education. What we enjoy even more is affordable security education. So we decided to start a Professionally Evil Fundamentals video series. These are short definition videos related to information security and penetrat…

Why Businesses Should Consider Managed Cloud-Based WAF Protection

The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber…

It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m g…

Evolving Threat series — Mining patterns to assess Insider Attacks (Part 3)

In the previous post we examined a few of the published insider attacks over the current decade. In this post we attempt to mine, extract and classify patt…

What Website Owners Should Know About Terms and Conditions

All website owners should consider terms and conditions (T&Cs) to be a form of legal protection, as they establish the responsibilities and rights of the involved parties. T&Cs provide full security should anything go amiss, and they also help you …

Preventing Server Side Request Forgery (SSRF)

Reflecting on 2019: It’s just a few days from Christmas and not long until we bid farewell to 2019 and ring in the new year. It’s a time when we reflect on the past year, and in the world of…

Vandana Verma: Passionate guide for the web application security journey

Vandana Verma, security architect at IBM India Software Labs and web application security expert, shares her advice on tools, training, and shifting left.