
Your [Users’] Browsers, Crypto Mining and $24

I wrote a little while back about the AppSec Serenity Prayer and talked about things you can and can’t control in terms ...

Cryptocurrency Mining Where You Least Expect it

While working onsite with a client something popped into the Incident Response Queue and the client had to leap into ...

Easy to Implement JSON Web Token (JWT) Bugs: How to Avoid and

As I was doing some training the other day I came across some rather interesting bugs in a commonly used technology: ...

Reports of CSRF's demise have been greatly exaggerated

When the new OWASP Top 10 came out in December 2017, I was somewhat enthusiastic about one of the items dropping off: ...

Apples to Apples, Fortify Results Discrepancies

Or are they really oranges under the peel? Writing to you again about Fortify since I had so much interest in previous ...

Losing your Memory to Fortify – Tips on Memory Usage

It seems that no matter how much support you get from the vendors of these complicated test tools, there may still be ...

Quick and Easy Fortify Scans

Over the years, I’ve occasionally run security scans on projects that were buildable using Maven or Ant. Those of you ...

More Adventures in Pentesting

I was recently given three iOS applications on which to conduct penetration tests. I took the applications’ .ipa files ...

The Value of Manual Testing

Vendors want companies to think their automated vulnerability scanner is a turn-key solution to all their security ...

Sensitive Information in the Online World

Your Information on the Internet: With more of our lives on the internet than ever, the coming generations only look to ...

The Many Frustrations of Being Cert Blocked

The other day, I was conducting a penetration test of a client’s software and ran into the following errors: Firefox ...

Plain HTTP, Postcards and HTTPS - Part 3

What Does HTTPS Get Me Then?

Plain HTTP, Postcards and HTTPS - Part 2

Encryption 101

Plain HTTP, Postcards and HTTPS - Part 1

Recent Training Feedback

Little Boxes | Vulnerability Assessment

Who remembers this song, written by Malvina Reynolds, and made famous by Pete Seeger (among others)? Little boxes on ...
