Blog

  1. 5 Tips for Secure, Online Shopping

With the holiday season in full swing, more folks are shopping online than at any other time of the year. With the recent breaches of Target and Home Depot, many consumers are beginning to understand the need for exercising caution when shopping online.

    This blog post will highlight a few tips and tricks to help consumers stay secure when shopping online.

  2. Synergies in Application Security Vulnerabilities: Part I

As a self-proclaimed tech-junkie and a professional penetration tester, I have often been asked, "What is the most critical vulnerability you have come across?" The difficulty in answering a question like this is that the severity of a vulnerability depends on the context of the attack. Discovering a DOM-based Cross-Site Scripting vulnerability in an otherwise secure application may earn a hacker bragging rights amongst his or her peers, but the finding might not be useful for reaching sensitive data. Conversely, two simpler vulnerabilities used together could give someone full control over an entire application.

    Here are a few common vulnerabilities that work well together:

  3. SecCasts is Free. Why?

    A few weeks ago we decided to make SecCasts, a pay-for application security training site, free. Why?

  4. Developing Secure Applications with Golang

    One topic that should come up more often (but doesn't) when considering new languages and frameworks is how secure they can be out of the box. Developers often consider things like performance, ease of use, and compatibility before starting a software project with a new framework. However, out-of-the-box security is an important feature to consider as well. It's easy to overlook how some of the default settings can leave holes open, especially for new developers, so framework authors should focus on making these as secure as possible right from the beginning.
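The point about default settings applies directly to Go's own net/http. A zero-value http.Server, which is what the convenience call http.ListenAndServe gives you, has no read, write or idle timeouts and sets none of the browser-hardening response headers, so a slow or hostile client can hold connections open indefinitely and responses go out without any framing or content-type protections. The block below is an added example, not code from the original post or from nVisium; the helper names (newServer, securityHeaders, hasTimeouts) and the particular timeout and header-size values are assumptions chosen for illustration.

```go
package main

import (
	"log"
	"net/http"
	"time"
)

// securityHeaders wraps a handler and sets conservative response headers
// that net/http does not set on its own. (Assumed helper name.)
func securityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("X-Content-Type-Options", "nosniff")
		h.Set("X-Frame-Options", "DENY")
		h.Set("Content-Security-Policy", "default-src 'self'")
		h.Set("Referrer-Policy", "no-referrer")
		next.ServeHTTP(w, r)
	})
}

// hasTimeouts reports whether every connection timeout on the server is set.
// The zero-value http.Server used by http.ListenAndServe returns false here.
func hasTimeouts(s *http.Server) bool {
	return s.ReadHeaderTimeout > 0 && s.ReadTimeout > 0 &&
		s.WriteTimeout > 0 && s.IdleTimeout > 0
}

// newServer returns an http.Server with explicit timeouts and a capped header
// size, wrapping h with securityHeaders. The values are illustrative.
func newServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           securityHeaders(h),
		ReadHeaderTimeout: 5 * time.Second,  // bounds slowloris-style header drip
		ReadTimeout:       10 * time.Second, // whole request, headers plus body
		WriteTimeout:      10 * time.Second, // whole response
		IdleTimeout:       60 * time.Second, // keep-alive connections
		MaxHeaderBytes:    1 << 16,          // 64 KiB instead of the 1 MiB default
	}
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("hello\n"))
	})
	// Compare: http.ListenAndServe(":8080", mux) would use a zero-value
	// http.Server with none of the protections configured above.
	srv := newServer(":8080", mux)
	log.Fatal(srv.ListenAndServe())
}
```

The contrast to keep in mind is that nothing in the hardened version is exotic; every field has existed on http.Server for years. The insecure behaviour comes purely from the zero values being permissive, which is exactly the kind of default the post argues framework authors should get right.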

  5. The AppSec Newb’s Journey Part II: Lessons I’ve Learned

In the AppSec Newb's Journey series, I want to provide a starting point for those who are interested in AppSec but may not know where to start. This is the second part of the blog series, so please read Part I if you haven't done so already.

    This past year has led me on an incredible voyage through the world of Application Security. I've had so many new experiences, gained so many skills and so much knowledge, and established a foundation for me to further build my career and passion. Naturally, this journey had many bumps, but that's necessary in any learning process. These are a few critical lessons that you should take to heart when starting out in this field. In no particular order…

  6. The Golden Circle

When I joined nVisium this past summer, I thought, "Man! nVisium has it all!" The location, the vision, great coworkers, free snacks… But you know what was missing? An awesome branding message reflective of an awesome startup. Something that would really show others who we are.

    In order to better grasp what this "something" might be, I turned to the people inside. But when talking about the company, everyone had a slightly different focus. The more technical consultants would oftentimes stress specific tools, whereas sales and marketing strategists would emphasize how we differ from our competitors. The mixed messages started to get muddled, so it was time that we got back to the drawing board to come up with a concise and consistent image.

  7. Security Challenge, Universal Studios, and Authorization in AngularJS

Ever since I was young, I think I have always been afraid of getting on roller coasters. Something about the notion of willingly subjecting myself to steep vertical drops while clinging onto a seatbelt for dear life never quite tickled my fancy. Of course, as luck would have it, most of my friends are roller coaster enthusiasts who thrive on the adrenaline rush of zooming through gravity-defying loop-de-loops… And so, by majority rule, I found myself casually strolling through Universal Studios in Orlando, Florida, for a recent get-together.

    As we stood in line for one of the rides, I couldn’t help but wonder what was preventing someone from simply jumping to the front. Naturally, the inner tech nerd in me came out and I started to analyze the security mechanism they had implemented in order to prevent sneaky people like me from skipping the line.