For those less versed in web applications and how they’ve evolved, I wrote a sort of prologue to this post back in April 2018, titled A Brief Evolution of Web Apps. This is the first in a three-part series, Three C-Words of Web Application Security. This one will deal with CORS, while the next will …
Author’s Note: This was actually meant to be the first part of a series called Three C-Words of Web App Security, dealing with CORS, CSRF, and Clickjacking, each in its own post. But as I started writing the exposition necessary to provide context around these issues, I realized that I really had so much background …
Samurai Web Testing Framework, if you’re not familiar with it, it’s a linux environment that is primarily now used for teaching web application penetration testing. It has a number of target web applications to train against, and a curated collection of attack tools. For the newest major version, we have made some changes to how …
I recently got the opportunity to speak at B-Sides Charleston on cross-site scripting (XSS) payload development. For me, this was a really enjoyable opportunity because of my background. I was a software developer specializing in web apps for about 10 years. I did web development as a hobby for more than 10 years before that. …