OWASP’s Most Wanted

So you ask who is this OWASP and why do I care? Well, let’s hear it directly from them: “Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to …


How to Test Your Security Controls for Small/Medium Businesses

We often get contacted by small businesses requesting their first penetration test because of compliance reasons, or because of “industry best practices,” or just to get an idea of how bad things really are. In many of those cases, their environment isn’t nearly mature enough to make a pentest worthwhile. Sometimes they’re insistent and we …


HIMSS 2019 – Champions of Security Unite

Organizations of all sizes and industries face increasing challenges in safeguarding vast amounts of sensitive data, with Health Care being no different. The loss of Protected Health Information (PHI) incurs not only heavy fines and brand damage, but potentially everlasting damage to affected patients. According to the Ponemon Institute: The average total cost of a …


Three C-Words of Web App Security: Part 3 – Clickjacking

This is the third and final part in this three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. The first part, which was on CORS (Cross-Origin Resource …


Fuzz Testing

If you have a brand new piece of software, a program, a network, or an operating system, you will want to test it for any bugs, coding errors or other potential issues before it goes live. Fuzzing is a great way to do so. It’s also a good method to perform quality checks of your …


Stored XSS; What Is It

In the cyber security world, there are a number of vulnerabilities to be aware of. Today we’re going to look at a specific one: Stored Cross-Site Scripting (XSS). Let’s start off by answering: what is cross-site scripting? An XSS attack is a type of injection that sends data through trusted sources, like web requests. This …
