Web Application Security
3 Reasons to Pentest with Brave
Penetration testing is a race against the clock. Often, we only have a few days to examine all the functionality of a web application or an API. That is why we spend ...
Top 10 Web Application Vulnerabilities and How to Mitigate Them
The inability to identify vulnerabilities in a web application can leave it unprotected against potential attackers, resulting in the most ...
Enhancing Security Workflows in Palo Alto Networks Cortex XSOAR with Layer 7 Indicators
To protect applications as modern development processes evolve and accelerate, businesses need to integrate security as part of the DevOps and security toolchain. This is a primary driver behind why we built ...
Security Lessons Learned in Higher Education
Signal Sciences recently hosted a panel of security experts from higher education institutions to discuss application security challenges and opportunities they’ve experienced in their respective institutions and beyond. George Finney, CISO of ...
The Inside-Out Application Security Opportunity with RASP
Digital transformation projects demand that developers continually roll out new applications to fuel those efforts. These new applications and APIs can surface sensitive data and must be protected in production: RASP (runtime ...
[Webinars] Open source, threat modeling, Node.js security
Hear about the state of open source in our Red Hat partner webinar, discover our approach to threat modeling, and learn how to secure Node.js applications.
Hashing Functions – CISSP Domain 3
Today we’re going to take a quick look at hashing functions, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between hashing, encryption, ...
Waving the White Flag: Why InfoSec should stop caring about HTTPOnly
As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk is second-nature to us. On one hand, we never want ...
Navigating Cybersecurity Metrics For Web Applications
Maintaining a resilient security posture is an ongoing effort for every organization. As reports of data breaches, fraud, and cyberattacks grow increasingly common, it’s important to have strategies in place to mitigate ...
Proxying HTTPS Traffic with Burp Suite
This is easy to fix. All we need to do is tell our browser that the Burp CA can be trusted. Because every new installation of Burp generates a different CA, this ...

