web app security

Waving the White Flag: Why InfoSec should stop caring about HTTPOnly

As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk is second-nature to us. On one hand, we never want to undersell a risk, and have a client accept that risk based on an improperly informed position. On the other hand, I think …

Waving the White Flag: Why InfoSec should stop caring about HTTPOnly Read More »

Three C-Words of Web App Security: Part 3 – Clickjacking

This is the third and final part in this three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. The first part, which was on CORS (Cross-Origin Resource …

Three C-Words of Web App Security: Part 3 – Clickjacking Read More »

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, I posted part one, which was Three C-Words of Web App Security: …

Three C-Words of Web App Security: Part 2 – CSRF Read More »

Professionally Evil Web App Pen Testing 101 Course

UPDATE: Updated the done steps. below.  Also changed the links from S3 to Git. Since our founding in 2010 Secure Ideas has always tried to focus on education and increasing the amount of available knowledge in our field.   As such we have contributed to courses, presented at conferences around the world and contributed to open …

Professionally Evil Web App Pen Testing 101 Course Read More »

Scroll to Top