Published on November 11, 2015 by John Poulin
Published on October 21, 2015 by Ken Johnson
Three years ago, Jack (our CEO) and I sat at a local coffee shop and contemplated what was next for nVisium. We wanted to have a meaningful impact on our clients' security programs. We wanted to equip our clients with services that made sure their security programs mitigated risk and demonstrated value.
Published on October 13, 2015 by Jonn Callahan
Implementing secure file uploads is something many developers struggle with, not because they're bad developers but because it is genuinely difficult to do correctly. This post covers a few different methods for handling this common functionality and the possible pitfalls that come with each. Sample code snippets using Python+Flask are provided for each implementation. Additionally, there is a general checklist at the end that should help developers bring their apps up to a decent security level.
Published on October 6, 2015 by nVisium Team
nVisium welcomes David Lindner, a seasoned security expert with a history of building services around mobile application security and, more recently, Internet of Things (“IoT”) security. David has deep knowledge of, and experience in, a wide range of programming languages, Mobile & IoT technology, and creating value-added services for clients. He’s the right choice to lead nVisium’s Mobile & IoT practice.
Published on September 20, 2015 by John Poulin
For those who aren't familiar, CSAW is an annual Capture the Flag (CTF) event hosted by NYU Polytechnic School of Engineering. It is a CTF intended for undergraduate students, but the qualifiers are open to anyone.
This post will walk you through one of the medium-difficulty web-application challenges.
Published on September 11, 2015 by Nikhil Charles
When I started my summer internship at nVisium, I was very new to the world of application security. One of my first tasks was to become familiar with the OWASP Top Ten. It took some time for me to understand the impact of these vulnerabilities, but XSS seemed rather harmless given that all the proof-of-concept exploits were simply alert boxes saying "xss." It turns out, however, that XSS is far more dangerous than it appeared at first glance.
In this post, we'll explore some of the risks associated with XSS and how you can defend your own applications from this type of attack.