web app security
HTTP Request Smuggling: A Primer
One of the security issues you might face with your website or web app is request smuggling. HTTP request smuggling is a security vulnerability that allows an attacker to interfere with the way ...
Waving the White Flag: Why InfoSec should stop caring about HTTPOnly
As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk is second-nature to us. On one hand, we never want ...
Once upon a time there was a WebSocket
This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the ...
It’s Okay, We’re All On the SameSite
With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, ...
Better API Penetration Testing with Postman – Part 4
This is the final part of this series on putting together a better API testing tool-chain. In Part 1, I covered a basic introduction to Postman and how to use it to ...
Three C-Words of Web App Security: Part 3 – Clickjacking
This is the third and final part in this three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web ...
Spring Break without Breaking the Bank: Hands On Training
Over the last eight years, one of the main focuses of Secure Ideas has been education. One responsibility we take very seriously is that of growing the skills within our clients and ...
Three C-Words of Web App Security: Part 2 – CSRF
This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to ...
SamuraiWTF 4.0 Finally Released
In February of this year, Mic posted a blog discussing the future of SamuraiWTF. (You can go read it here if you don’t remember). As we discussed then, the build process that ...
Security Boulevard’s 5 Most Read Stories for the Week, August 20-24
A new week, a new crop of security stories. Last week, malware complacency, Russian cyberspies, GDPR compliance and Mirai IoT malware made the headlines. In addition, we analyzed top security threats for ...