• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

vulnerability

March 19, 2022 by James Jardine Leave a Comment

Is encoding really encoding if it is escaping?

The title might be confusing, let's see if we can clear it up. I saw an article the other day that was giving a comparison between encoding, encryption and hashing. There was a statement made that basically said: Encoding has no security purpose. I thought this was interesting because when training on security topics we mention encoding for specific use cases. For example, when we discuss Cross-Site Scripting, the answer is output encoding. I want to clarify that I agree with the statement … [Read more...] about Is encoding really encoding if it is escaping?

Filed Under: General Tagged With: application security, AppSec, cross-site scripting, developer training, training, vulnerability, xss

December 15, 2021 by James Jardine Leave a Comment

Log4J – Reflection and Progression

Open any social media platform or pull up any mainstream media and undoubtably, you have seen many posts/articles talking about the log4j vulnerability. If you haven't seen this, here is a quick link to catch up https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/. This post is not going to be about log4j, nor is it going to go into any of the details the thousands of others articles out there would go through. Instead, I want to discuss this at a higher level. Log4j is just an … [Read more...] about Log4J – Reflection and Progression

Filed Under: General, Take-Aways Tagged With: 3rd party component, application security, AppSec, awareness, components, exploit, log4j, owasp, secure code, training, vulnerability, vulnerable component

January 4, 2019 by James Jardine Leave a Comment

What is the difference between Brute Force and Credential Stuffing?

Many people get confused between brute force attacks and credentials stuffing. To help clear this up, here is a simple description of the two. These are both in regards to the login form only. Brute Force Brute force attacks on the login form consist of the attacker having a defined list (called a dictionary) of potential passwords. The attacker will then try each of these defined passwords with each username the attacker is trying to brute force. Put simply, this is a 1 (username) too many … [Read more...] about What is the difference between Brute Force and Credential Stuffing?

Filed Under: Questions Tagged With: application security, AppSec, brute force, credential stuffing, developsec, pen testing, penetration test, pentest, secure development, secure testing, secure training, vulnerability

June 26, 2018 by James Jardine Leave a Comment

Thinking about starting a bug bounty? Do this first.

Application security has become an important topic within our organizations. We have come to understand that the data that we deem sensitive and critical to our business is made available through these applications. With breaches happening all the time, it is critical to take reasonable steps to help protect that data by ensuring that our applications are implementing strong controls. Over the years, testing has been the main avenue for "implementing" security into applications. We have seen a … [Read more...] about Thinking about starting a bug bounty? Do this first.

Filed Under: General Tagged With: app sec, application program, application security, application security program, AppSec, consulting, developer, developer awareness, development, hacking, hiring, pen test, pen testing, penetration testing, qa, quality, quality assurance, ransomware, secure code, secure program, security testing, security training, testing, vulnerability, vulnerability assessment, vulnerability disclosure

May 15, 2018 by James Jardine Leave a Comment

Installing OWASP JuiceShop with Heroku

I am often asked the question by clients and students where people can go to learn hacking techniques for application security. For years, we have had many purposely vulnerable applications available to us. These applications provide a safe environment for us to learn more about hacking applications and the vulnerabilities that are exposed without the legal ramifications. In this post I want to show you how simple it is to install the OWASP Juice Shop application using Heroku. Juice Shop is a … [Read more...] about Installing OWASP JuiceShop with Heroku

Filed Under: General Tagged With: application security, AppSec, developer, heroku, juice shop, owasp, secure development, security, security awareness, testing, vulnerability

May 10, 2018 by James Jardine Leave a Comment

Installing OWASP JuiceShop with Docker

I am often asked the question by clients and students where people can go to learn hacking techniques for application security. For years, we have had many purposely vulnerable applications available to us. These applications provide a safe environment for us to learn more about hacking applications and the vulnerabilities that are exposed without the legal ramifications. In this post I want to show you how simple it is to install the OWASP Juice Shop application using a Docker container. … [Read more...] about Installing OWASP JuiceShop with Docker

Filed Under: Uncategorized Tagged With: application security, AppSec, developer, juice shop, owasp, secure development, security, security awareness, testing, vulnerability

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved