Application Security

User Name Sieving, LinkedIn Grist

In a tour de force instructional blog post at Black Hills Infosec, Carrie Roberts displays remarkable acumen in the effort to distill user names via PortSwigger's Burp Suite, with LinkedIn as input ...

Got Container Security? Make Sure to Secure Code and Supplemental Components

Organizations face numerous primary threats and security concerns when it comes to their container environments. Those issues extend into their build environment, an area which organizations need to protect because it’s usually ...

Access to Applications Based on a « Driving License » Model

More and more countries are modifying their policies with a new “driving license” model. With a classic license model, drivers can be caught frequently; they just have to pay a huge amount ...

Multi-Factor Authentication Made Simple for Legacy and Custom Apps

Looking for an easier way to add multi-factor authentication (MFA) to legacy and custom applications? Look to a next-generation firewall and MFA integration to enforce it at the network layer ...

Diving into Summer Vacation Security Risks

We are in the middle of the holiday season, and while it may be the most enjoyable part of the year, it’s definitely not the safest. We all take our technology gear ...

5 ways to find and fix open source vulnerabilities

A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about open source vulnerabilities. Here are five ...

Important SQLMap Commands

The SQLMap tool can be found in every penetration tester’s toolbox. It is one of the most popular and powerful tools when it comes to exploiting SQL injection vulnerability, which itself tops ...

Owning SAML

Exploiting a SAML Implementation: During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature ...

Watching yOUr Permissions

Often, one of the main goals of a pen tester is to get Domain Admin (DA) rights in a client’s Windows network. But why do we want to get that level of ...

Building an Effective API Security Strategy: Easy If You Have the Right Tools

In their approach to application programming interface (API) security, organizations exposing web APIs must balance ease of access with control. Like the bank robber attacking banks because “that’s where the money is,” ...