Making Users Hack Themselves - The XSS Bottom Line

In Cross-Site Scripting (XSS) the 2 most common types of this vulnerability are: Persisted and Reflected. No business ...

When Time Is Out - How Error Messages Can Give Hackers a

As people become more and more comfortable with shopping, banking, and communicating online they inevitably run into ...

Putting the “SERVICE” into Security Services – 3 Myths Busted

Target is hacked, Anthem is hacked, Sony is hacked and so on and so on and so on... Yet security is still a harder sell ...

Prep Work – A Recipe for Success

In many of the posts I’ve written, I discuss that AsTech does many types of security assessments. Typically, they are ...

House Hunters — Log Home Edition

Ding dong — cue the cheesy music. It’s house hunters: “log” home edition! So, you are looking for a home for your logs. ...

Password Managers & Autosave=Off — The Bottom Line

The past 2 informative blog posts from Alec Shcherbakov and Phil Seay dealt with the use of Password Managers and the ...

Manual Security Code Review – There Is No Substitute

Website Security Vulnerability Statistics - Automated versus Manual Security Code Review. Seems like every other day, ...

Off Target – Fines as a Deterrent

Breaking news: Target agrees to pay 18.5 million dollars to settle suits by 47 states in connection with their 2013 ...

Web Brutalism 2.0

Don’t become compromised via your third party code. Have you heard about the new-old trend called “Web Brutalism”?

Patchwork

In a never-ending series of public service announcements (or so it seems), I would hereby like to broadcast the ...

Why use Red Teams?

Red teaming is a form of alternative analysis in which a team looks at a problem from an adversarial perspective. The ...

Devils of Abstraction

Your enemies think in three dimensions, and so should you. If you’re a Star Trek fan, and remember the 1982 movie, The ...

Patterns of Predictability – The Joy of Heuristic Analysis

Many of the clients that AsTech works with are collecting logs from various devices, databases, etc. A good first step. ...

Walls and Fences—Your Application Has a Security Perimeter

Defense in depth is an important security paradigm generally understood as multiple nested layers of protection ...

Application Security Trends – A Gradual Shift in Accountability

The realm of Application Security with its secure code concepts, vulnerability discovery techniques, and risk ...
