Zero to account takeover: How I ‘Impersonated’ Someone Else Using Auth0

There’s a fine line between an unintended use and a bug; this was my conclusion after taking a look at Auth0, an identity-as-a-service offering with 2000 enterprise customers – more or less the size of Schneider Electric, Atlassian, Dow Jones, Nvidia, and Mozilla, among others – and 42 million logins ...

2017 OWASP Top 10: The Good, the Bad and the Ugly

Since its founding in 2001, the Open Web Application Security Project (OWASP) has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 2017 edition of the ...