The nVisium Blog

Introducing Httpillage

Published on November 11, 2015 by John Poulin

httpillage is a tool designed to improve the traditional testing flow by allowing the attacker to distribute attacks across many different nodes.


nVisium's Code Remediation Service

Published on October 21, 2015 by Ken Johnson

Three years ago, Jack (our CEO) and I sat at a local coffee shop and contemplated what was next for nVisium. We wanted to have a meaningful impact on our clients' security programs. We wanted to equip our clients with services that made sure their security programs mitigated risk and demonstrated value.


Secure File Uploads

Published on October 13, 2015 by Jonn Callahan

Implementing secure file uploads is something a lot of developers struggle with. Not because they're bad developers, but because of how difficult it can be to do correctly. This post is going to cover a few different methods for handling this common functionality and the possible pitfalls that come with each. Sample code snippets leveraging Python+Flask for each implementation are also provided. Additionally, there is a general checklist at the end which should help developers bring their apps up to a decent security level.


Welcome, David Lindner!

Published on October 6, 2015 by nVisium Team

nVisium welcomes David Lindner, a seasoned security expert with a history of building services around mobile application security and, more recently, Internet of Things (“IoT”) security. David has deep knowledge of, and experience in, a wide range of programming languages, Mobile & IoT technology, and creating value-added services for clients. He’s the right choice to lead nVisium’s Mobile & IoT practice.


CSAW Qualifiers: Lawn Care Simulator Walkthrough

Published on September 20, 2015 by John Poulin

For those who aren't familiar, CSAW is an annual Capture the Flag (CTF) event hosted by NYU Polytechnic School of Engineering. It is a CTF intended for undergraduate students, but the qualifiers are open to anyone.

This post will walk you through one of the medium-difficulty web-application challenges.


Crossed by Cross-Site-Scripting: Exploring the Impact of XSS

Published on September 11, 2015 by Nikhil Charles

When I started my summer internship at nVisium, I was very new to the world of application security. One of my first tasks was to become familiar with the OWASP Top Ten. It took some time for me to understand the impact of these vulnerabilities, but XSS seemed rather harmless given that all the proof-of-concept exploits were simply alert boxes saying "xss." It turns out, however, that XSS is far more dangerous than it appeared at first glance.

In this post, we'll explore some of the risks associated with XSS and how you can defend your own applications from this type of attack.

