DevelopSec

Uncategorized

April 10, 2018 by James Jardine

MyFitnessPal Breach – Take-Aways

It was recently announced that MyFitnessPal suffered a breach of around 150 million records (https://www.cnet.com/news/millions-of-myfitnesspal-accounts-hacked-under-armour-says/). The breach affected usernames, email addresses and hashed passwords. There are no reports that any other personal information, such as SSN or credit card info, has been impacted. It is always important for us to understand the actual types of data exposed, as it changes how we look at the risk created for the users. It … [Read more...] about MyFitnessPal Breach – Take-Aways

Filed Under: Uncategorized

October 12, 2016 by James Jardine

Insulin Pump Vulnerability – Take-aways

It was recently announced that a few vulnerabilities were found in some insulin pumps that could allow a remote attacker to cause the pump to distribute more insulin than expected. There is a great write-up of the situation here. When I say remote attack, keep in mind that in this scenario, it is someone who is within close proximity to the device. This is not an attack that can be performed via the Internet. This situation creates an excellent learning opportunity for anyone that … [Read more...] about Insulin Pump Vulnerability – Take-aways

Filed Under: Uncategorized Tagged With: application security, AppSec, penetration testing, secure coding, secure design, security, security research, security testing

July 28, 2016 by James Jardine

How Serious is Username Enumeration

Looking through Twitter recently, I caught a very interesting stream that started with the following message:

"What's the deal with the enumeration exclusions on all the @bugcrowd bounties. Clients just don't want to fix?" — Stephen Haywood (@averagesecguy) July 26, 2016

There were quite a few replies, and a good discussion on the topic of the seriousness of username enumeration flaws. It is difficult to share a lot of thoughts in 140 characters, so I thought this would actually be … [Read more...] about How Serious is Username Enumeration

Filed Under: Uncategorized Tagged With: application security, AppSec, bug bounty, enumeration, penetration testing, qa, qa testing, research, secure design, security, username enumeration

June 3, 2016 by James Jardine

Understanding the “Why”

If I told you to adjust your seat before adjusting your mirror in your car, would you just do it? Just because I said so, or do you understand why there is a specific order? Most of us retain concepts better when we can understand them logically. Developing applications requires a lot of moving pieces. An important piece in that process is implementing security controls to help protect the application, the company, and the users. In many organizations, security is heavily guided by an … [Read more...] about Understanding the “Why”

Filed Under: Uncategorized Tagged With: applicaitons, application security, AppSec, ba, developer, developer training, development, penetration testing, qa, secure development, security, security testing

March 22, 2016 by James Jardine

Introduction to Penetration Testing for Application Teams

In this presentation, James Jardine focuses on educating application teams on what a penetration test is and how to extract the most value from it. Application teams learn how to participate in the engagement and better understand the report. You can watch the recorded session at any time at: https://youtu.be/I1PukF8Glh0 … [Read more...] about Introduction to Penetration Testing for Application Teams

Filed Under: Uncategorized Tagged With: app sec, application security, AppSec, developer, developer awareness, pen testing, penetration testing, secure development, security, security testing, vulnerability, vulnerability assessment

January 22, 2016 by James Jardine

Sharing with Social Media

Does your application provide a way for users to share their progress or success with others through social media? Are you thinking about adding that feature in the future? Everyone loves to share their stories with their friends and colleagues, but as application developers we need to make sure that we are considering the security aspects of how we go about that.

Take-Aways

  • Use the APIs when talking to another service
  • Don't accept credentials to other systems out of your control
  • Check … [Read more...] about Sharing with Social Media

Filed Under: Uncategorized Tagged With: developer, developer awareness, developer security, secure design, security, security awareness, security testing, social media, twitter
