.svg "2024_Full_Logo_Full_Color_SVG (1)"){kind=logo}
Coming Soon - Twelve Days of ZAPmas
In December of 2018, I published a twelve-day series of cross-site scripting tips, tricks, and ...
Continue Reading
Three Excellent API Security Practices Most People Neglect
We are very much in the age of APIs. From widely-used single-purpose products like Slack to ...
Continue Reading
The Death and Rebirth of Musashi.js OR How I turned personal failure into better teaching tools.
A little background… As I stood in front of a class of developers trying to explain cross-origin ...
Continue Reading
Waving the White Flag: Why InfoSec should stop caring about HTTPOnly
As a company that is constantly working with our penetration testing clients on understanding where ...
Continue Reading
Proxying HTTPS Traffic with Burp Suite
The Problem For newcomers to application penetration testing, a reasonably common question is How ...
Continue Reading
Getting Started API Penetration Testing with Insomnia
In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the ...
Continue Reading
Better API Penetration Testing with Postman – Part 4
This is the final part of this series on putting together a better API testing tool-chain. In Part ...
Continue Reading
Better API Penetration Testing with Postman – Part 3
In Part 1 of this series, we got started with Postman and generally creating collections and ...
Continue Reading
Better API Penetration Testing with Postman – Part 2
In Part 1 of this series, I walked through an introduction to Postman, a popular tool for API ...
Continue Reading
Better API Penetration Testing with Postman - Part 1
This is the first of a multi-part series on testing with Postman. I originally planned for it to be ...
Continue Reading
Three C-Words of Web App Security: Part 3 – Clickjacking
This is the third and final part in this three-part series, Three C-Words of Web Application ...
Continue Reading