In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Transcript: In this episode, James talks about root cause analysis versus treating … [Read more...] about Ep. 120: Addressing Root Cause – Vulnerable Components
In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Listen to the Episode: Link to article referenced: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords For more info go to https://www.developsec.com or follow us on twitter (@developsec). … [Read more...] about Ep. 119: Risks of SpellCheck
Did you know that input fields on a web form support spell checking by default in many web browsers? This is a feature of the browser that can help catch errors early for the end user. Recently, some testers found that some data may be leaked during the spell checking function to 3rd parties. Here is a reference article describing this: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords The first point to make here is this is … [Read more...] about The risk of Spell Checking
Many people get confused between brute force attacks and credentials stuffing. To help clear this up, here is a simple description of the two. These are both in regards to the login form only. Brute Force Brute force attacks on the login form consist of the attacker having a defined list (called a dictionary) of potential passwords. The attacker will then try each of these defined passwords with each username the attacker is trying to brute force. Put simply, this is a 1 (username) too many … [Read more...] about What is the difference between Brute Force and Credential Stuffing?
Hey everyone, I have spent a lot of time working in application security and prior to that, development. Over the years, I have had a chance to reflect a bit on some of the security issues I saw as a developer and as a security practitioner. In an effort to help share some of this knowledge and experience, I am starting a podcast series focused on secure development. The goal is for shorter, 10-20 minute, episodes. I hope you take a moment to take a listen. Transcript: Hi, and welcome to … [Read more...] about Ep. 1: Introduction to the Podcast