Application Security

AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start

Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development process. Leif Dreizler wrote a great article suggesting that not only do we need to shift security left, but shift engineering right. I agree, but why stop there? We all need to cultivate …

Linux X86 Assembly - How to Build a Hello World Program in NASM

Overview A processor understands bytecode instructions specific to that architecture. We as humans use mnemonics to make building these instructions easier than remembering a bunch of binary codes. These mnemonics are known as assembly instructions. This is one of the lowest levels of programming that can be done. This programming is a bit of a …

The Death and Rebirth of Musashi.js OR How I turned personal failure into better teaching tools.

A little background… As I stood in front of a class of developers trying to explain cross-origin resource sharing (CORS), I knew I wasn’t conveying it well enough for a significant subset of the group. It was Autumn 2017 (not my password at the time, by the way), and I was on-site with one of …

Better API Penetration Testing with Postman – Part 3

In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities. In this part, we will dig into some slightly more advanced functionality in Postman that you …

Android App Testing on Chromebooks

Update: As of March 2021, I’d recommend using Android Virtual Devices over Chromebooks. Chromebooks still work (in many cases) but the AVDs are much easier to build and use. Jason wrote a great blog on how to set them up, which can be found here: https://secureideas.com/blog/2020/09/how-to-configure-android-virtual-for-mobile-pentest.html. If you are still interested in using a Chromebook, …

Twelve Days of XSSmas

This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, to old (but still good) classic XSS tips, to scripts that make (or contribute to) interesting proof-of-concept payloads. Day 1 – Template Literals …
