
DevelopSec


News

January 19, 2023 by James

The risk of Spell Checking

Did you know that input fields on a web form support spell checking by default in many web browsers? This is a feature of the browser that can help catch errors early for the end user. Recently, some testers found that some data may be leaked during the spell checking function to 3rd parties. Here is a reference article describing this: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords The first point to make here is this is … [Read more...] about The risk of Spell Checking

Filed Under: General, News Tagged With: AppSec, developsec, secure coding, security, security testing

September 29, 2017 by James Jardine

Equifax Take-aways

By now, you must have heard about the Equifax breach that may have affected up to 143 million records of people's information. At this point, I don't think they can confirm exactly how many records were actually compromised, leading to going with the larger of the numbers just to be safe. While many are quick to jump to conclusions and attempt to Monday morning quarterback what they did or didn't do to get breached, I like to focus on what we can learn for our own organizations. There are a … [Read more...] about Equifax Take-aways

Filed Under: News, Take-Aways Tagged With: application security, AppSec, breach, data breach, equifax, hack, lessons learned, security, security awareness, security testing

August 10, 2017 by James Jardine

Blue Cross Mails USB sticks – Take-Aways

You have information you want to share with your customers, but how do you do it securely? How often have you heard not to click links sent via email? You shouldn't plug in random USB drives to your computer. From a marketing perspective, how do you get large amounts of information, such as videos and specific information, out to your customers? In a report by Fierce Healthcare … [Read more...] about Blue Cross Mails USB sticks – Take-Aways

Filed Under: News, Take-Aways Tagged With: application security, AppSec, enterprise security, secure, security, security awareness

July 24, 2017 by James Jardine

MySpace Account Takeover – Take-aways

Have you ever forgotten your password, or lost access to your accounts? I know I have. The process of getting your access back can range from very easy to quite difficult. In one case, I had an account that required that a pin code be physically mailed to me in 7-10 days. Of course, this was a financial account that required extra protections. I came across this article (https://www.wired.com/story/myspace-security-account-takeover/) that identified that MySpace's process for regaining access … [Read more...] about MySpace Account Takeover – Take-aways

Filed Under: News, Take-Aways Tagged With: application security, AppSec, developer, developer security, qa, qa security, qa testing, secure development, security

March 3, 2017 by James Jardine

Using the AWS disruption to your advantage

By now you have heard of the Amazon issues that plagued many websites a few days ago. I want to talk about one key part of the issue that often gets overlooked. If you read through their message describing their service disruption (https://aws.amazon.com/message/41926/) you will notice a section where they discuss some changes to the tools they use to manage their systems. So let's take a step back for a moment. Amazon attributed the service disruption to basically a simple mistake … [Read more...] about Using the AWS disruption to your advantage

Filed Under: News, Take-Aways Tagged With: application security, AppSec, secure code, secure coding, secure development, security, security testing

January 26, 2017 by James Jardine

Gmail will block JavaScript file attachments

According to a recent announcement, Gmail will start blocking .js file attachments starting February 13, 2017. Blocking specific attachment types isn't new to Gmail. They already block .exe, .msc, and .bat file attachments. The recent move to add JavaScript files is most likely related to the recent malware/ransomware campaigns that have started using JavaScript files instead of Microsoft Office files. There was an article posted back in April … [Read more...] about Gmail will block JavaScript file attachments

Filed Under: News Tagged With: application security, email, hacking, javascript, mail security, ransomware, secure development, security

© Copyright 2018 Developsec · All Rights Reserved