Tag: Application Security

Beyond XSS and CSRF: Same Origin Method Execution

Unless you were living under a rock last fall, you heard about the major iCloud hack that saw nude pictures of A-list celebrities posted all over the web. The fact that someone could hack into private clouds and steal the sensitive data contained within alarmed web users around the world.   That wasn’t the only


Must Know Security Buzzwords For Application Builders and Defenders

In security, there is always a new term being thrown around, and it’s important to know what each one means for anyone involved in the spectrum of security management, from CISO to security team to development team. Without the common language, conversations around security could feel altogether foreign for different folks.   Say what you


OWASP Top 10 for IoT Explained

Even though the software industry has been dealing with security issues since the web introduced itself almost 30 years ago, IoT manufacturers who have not had this struggle in the past are now stepping into a world of pain which they can probably avoid if they use the lessons learned in the past.  Internet of


21 Awesome Talks and Resources on Security and DevOps

As we wrote about last week, the explosion of DevOps – with 88% of businesses saying they’ve adopted or will adopt DevOps within the next five years – has made it clear that we need to tightly integrate security in the fast-paced, iterative cultures that are DevOps organizations.   We can’t fight DevOps, if we


Proactive AppSec

The Ten Commandments of Proactive Application Security

When you’re constantly reacting to suspicious alerts and fixing vulnerabilities only after they’ve been exploited, you’re missing the point of application security.   Application security, according to Wikipedia, “encompasses the measures taken throughout the code’s life-cycle to prevent gaps in the security policy of an application or the underlying vulnerabilities… of the application.” The practice


Application Security Metrics: Where (And Why) To Begin?

A wise man once said, “to measure is to know…if you cannot measure it, you cannot improve it.” When it comes to application security, measurements are crucial to the success of your program. But determining how to best combine your measurements into metrics which show your program’s value is much more important. As a CISO


All You Wanted To Know About Continuous Integration Security

Continuous Integration (CI) is an application development practice that’s becoming more and more popular in large software development organizations. While it boosts productivity and code integrity, it introduces new technical challenges in the security process, magnifying the importance of selecting the right solution for the task.


The AliExpress XSS Hacking Explained

This post was originally published on the AppSec-Labs blog.   As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate
