Session management is a critical area to get right when developing a web application. The developer has to get it right or the entire app is at risk of being compromised. Fortunately, the development frameworks have attempted to make this an implementation issue rather than a development issue. A developer just has to pick the mechanism for session management and implement … Read More
Scoping a Penetration Test
Last week I recorded a module about working with clients ahead of a penetration test for my upcoming online course, Breaking Web App Security. The module is a fairly straightforward discussion about the things we need to do as penetration testers before beginning any engagement. The section that I spent the most time on was scoping a penetration test. … Read More
Make Security Awareness Training Real
Think about the last security awareness training that you were forced to sit through by your employer. Do you remember anything specific from it? Neither do I. Why is that? Personally I believe it is because most of our awareness training is boring and isn’t written in a way that’s interesting at all. They dump tons of information on us, … Read More