A simple error to make when sending an email with sensitive data is to send it to the wrong email address. Imagine you are sending some information to Dave down in accounting. When you fill out the email you start typing Dave and the auto-complete pops up and you select the first one (out of habit). You think you have selected the right Dave, but what if you didn't? How would you know that you were about to send potentially sensitive information outside of the organization? Apple Mail and iOS … [Read more...] about Apple Mail: Highlighting External Email Addresses
General
Checking npm packages using npm-audit
Our applications rely more and more on external packages to enable quick deployment and ease of development. While these packages help reduce the code we have to write ourselves, it still may present risk to our application. If you are building Nodejs applications, you are probably using npm to manage your packages. For those that don't know, npm is the node package manager. It is a direct source to quickly include functionality within your application. For example, say you want to hash your … [Read more...] about Checking npm packages using npm-audit
Thinking about starting a bug bounty? Do this first.
Application security has become an important topic within our organizations. We have come to understand that the data that we deem sensitive and critical to our business is made available through these applications. With breaches happening all the time, it is critical to take reasonable steps to help protect that data by ensuring that our applications are implementing strong controls. Over the years, testing has been the main avenue for "implementing" security into applications. We have seen a … [Read more...] about Thinking about starting a bug bounty? Do this first.
Overview of Web Security Policies
A vulnerability was just identified in your website. How would you know? The process of vulnerability disclosure to an organization is often very difficult to identify. Whether you are offering any type of bounty for security bugs or not, it is important that there is a clear path for someone to notify you of a potential concern. Unfortunately, the process is different on every application and it can be very difficult to find it. For someone that is just trying to help out, it can be very … [Read more...] about Overview of Web Security Policies
Installing BeEF on ubuntu 18.04
While working on a VM for a class, I had the opportunity to install BeEF for the students. This was the first VM I have built using Ubuntu 18.04, so I expected there to be a few hiccups along the way. The good news is that the process was pretty straight forward and simple. Here are the steps to getting this up and running on Ubuntu 18.04. https://youtu.be/hD_JRo7YPcg I started off by creating a new virtual machine using Ubuntu 18.04. I won't go through the steps of creating a new virtual … [Read more...] about Installing BeEF on ubuntu 18.04
You’re not always right and that is ok
How do you feel when you realize that a decision you made or an action you took wasn't as right as you thought? For me, being right is something I try too hard for, almost. I have spent most of my life living over cautiously to make sure that what I was doing was right. I am typically quiet on topics unless I believe my response is right. I do this because I don't want to fail. I don't want to be wrong. When it comes to security, I think this is a common feeling. Those in the security … [Read more...] about You’re not always right and that is ok