web app security

It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m going to demonstrate a scenario in which the SameSite default won’t actually stop a CSRF attack from …

It’s Okay, We’re All On the SameSite Read More »

Three C-Words of Web App Security: Part 3 – Clickjacking

This is the third and final part in this three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. The first part, which was on CORS (Cross-Origin Resource …

Three C-Words of Web App Security: Part 3 – Clickjacking Read More »

Spring Break without Breaking the Bank: Hands On Training

Over the last eight years, one of the main focuses of Secure Ideas has been education.  One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security.  This mindset and core passion of Secure Ideas is because we all …

Spring Break without Breaking the Bank: Hands On Training Read More »

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, I posted part one, which was Three C-Words of Web App Security: …

Three C-Words of Web App Security: Part 2 – CSRF Read More »

Professionally Evil Web App Pen Testing 101 Course

UPDATE: Updated the done steps. below.  Also changed the links from S3 to Git. Since our founding in 2010 Secure Ideas has always tried to focus on education and increasing the amount of available knowledge in our field.   As such we have contributed to courses, presented at conferences around the world and contributed to open …

Professionally Evil Web App Pen Testing 101 Course Read More »

Scroll to Top