.NET

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

.NET Core

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

.NET MVC

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

.NET Security

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

.Net

Secure Password Strings in Java and C#

by David Coursey on Mar 31, 2016

ASP.NET

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

ASP.NET Core

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

ASP.NET MVC

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

ASP.NET Security

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

AWS

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

AWS re:Invent reCap

by John Poulin on Dec 06, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

nVisium, Now an Amazon Consulting Partner

by Ken Johnson on Dec 20, 2016

re:Invent Recap

by AWS Consulting Team on Dec 08, 2016

AWS Consulting Team

nVisium, Now an Amazon Consulting Partner

by Ken Johnson on Dec 20, 2016

re:Invent Recap

by AWS Consulting Team on Dec 08, 2016

AWS Lambda

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

AWS Security

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

nVisium, Now an Amazon Consulting Partner

by Ken Johnson on Dec 20, 2016

re:Invent Recap

by AWS Consulting Team on Dec 08, 2016

AWS Security Consulting

nVisium, Now an Amazon Consulting Partner

by Ken Johnson on Dec 20, 2016

re:Invent Recap

by AWS Consulting Team on Dec 08, 2016

Abdullah Munawar

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Access Control

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Akka HTTP Server

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Akka Security

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Amazon Web Services

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

Amy McElroy

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

Anand Vemuri

The Evil Side of JavaScript: Server-Side JavaScript Injection

by Anand Vemuri on Aug 27, 2015

Don't Break Your Backbone: XSS mitigation in Backbone.JS

by Anand Vemuri & Mike McCabe on May 21, 2015

Synergies in Application Security Vulnerabilities: Part I

by Anand Vemuri on Dec 10, 2014

Security Challenge, Universal Studios, and Authorization in AngularJS

by Anand Vemuri on Nov 06, 2014

Android

Why Mobile Application Security?

by David Lindner on Mar 14, 2018

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Android Studio

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

AppSec

Don't Touch Me That Way

by David Lindner on Jun 22, 2016

Secure Password Strings in Java and C#

by David Coursey on Mar 31, 2016

Introducing Httpillage

by John Poulin on Nov 11, 2015

Application Security

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

I presented my first talk at an InfoSec conference and lived to tell the tale

by Ryan Reid on Sep 27, 2017

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Exploring SSTI in Flask/Jinja2, Part II

by Tim Tomes on Mar 11, 2016

Exploring SSTI in Flask/Jinja2

by Tim Tomes on Mar 09, 2016

Secure File Uploads

by Jonn Callahan on Oct 13, 2015

Application Security Testing

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Application Security Training

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Application Vulnerabilities

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Appsec

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Attacks

Introducing Httpillage

by John Poulin on Nov 11, 2015

Authentication

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Azure

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Azure Container Service

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Black Hat

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

Brakeman

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Brian Glas

Three Reasons Why You Should Consider Attending the OWASP Summit 2018

by Brian Glas on Jun 29, 2017

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Brigade

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Burp

Introducing Httpillage

by John Poulin on Nov 11, 2015

C#

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

CAPTCHA

CAPTCHA: What? Why? Build. Break.

by Kyle Rippee on Mar 02, 2016

CBT

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

CRI-O

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

CSRF

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

CVE-2016-0752

Rails Dynamic Render to RCE (CVE-2016-0752)

by John Poulin on Jan 26, 2016

Chart

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Clea Ostendorf

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

Cloud

AWS re:Invent reCap

by John Poulin on Dec 06, 2017

Cloud Native Computing Foundation

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Cloud Security

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Cloud-Native

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Cloud-Native Security

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

CloudFront

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

CodeBuild

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

CodePipeline

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Computer-Based Training

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Container Orchestration

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Containers

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Continuous Deployment

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Continuous Integration

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Cross Site Request Forgery

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Cryptography

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Cyrus Malekpour

Golang Security and Concurrency

by Cyrus Malekpour & Mike McCabe on Jul 16, 2015

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

Developing Secure Applications with Golang

by Cyrus Malekpour on Nov 26, 2014

DC/OS

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

DEF CON

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

DEF CON 25

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

David Coursey

Secure Password Strings in Java and C#

by David Coursey on Mar 31, 2016

David Lindner

Don't Touch Me That Way

by David Lindner on Jun 22, 2016

DerbyCon

I presented my first talk at an InfoSec conference and lived to tell the tale

by Ryan Reid on Sep 27, 2017

DevOps

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Development

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Don't Touch Me That Way

by David Lindner on Jun 22, 2016

Secure Password Strings in Java and C#

by David Coursey on Mar 31, 2016

Django

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Docker

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

DockerHub

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Encryption

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Envoy

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Ernie Miller

What to Expect When You're Overriding

by Ernie Miller on Dec 21, 2015

Using the Rails 5 Attributes API Today, in Rails 4.2

by Ernie Miller on Jun 22, 2015

Flask

Exploring SSTI in Flask/Jinja2, Part II

by Tim Tomes on Mar 11, 2016

Exploring SSTI in Flask/Jinja2

by Tim Tomes on Mar 09, 2016

Secure File Uploads

by Jonn Callahan on Oct 13, 2015

GPG

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Geller Bedoya

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

Git

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

GitHub

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

HMAC-SHA-256

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

HTTP Security Headers

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

HTTP/2

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Hall Con

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

Helm

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Heptio

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Hong Yi Dong

The Balance Between UX and Security

by Hong Yi Dong on Oct 23, 2014

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

Httpillage

Introducing Httpillage

by John Poulin on Nov 11, 2015

Information Security

I presented my first talk at an InfoSec conference and lived to tell the tale

by Ryan Reid on Sep 27, 2017

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Insecure Deserialization

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Istio

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

JSON Web Tokens

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

JWT

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Jack Mannino

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Implementing CoAP The Secure Way, Part I: Fundamentals

by Jack Mannino on May 27, 2015

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

nVisium: The First Five Years

by Jack Mannino on Oct 28, 2014

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

OWASP Top 10 Mobile Risks

by Jack Mannino on Sep 27, 2011

Java

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Secure Password Strings in Java and C#

by David Coursey on Mar 31, 2016

Java Spring

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Jenkins

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Jerrick Davis

Exploration of the Apple Watch Backup Files

by Seth Law & Jerrick Davis on May 28, 2015

Jinja2

Exploring SSTI in Flask/Jinja2, Part II

by Tim Tomes on Mar 11, 2016

Exploring SSTI in Flask/Jinja2

by Tim Tomes on Mar 09, 2016

John Poulin

AWS re:Invent reCap

by John Poulin on Dec 06, 2017

Rails Dynamic Render to RCE (CVE-2016-0752)

by John Poulin on Jan 26, 2016

Introducing Httpillage

by John Poulin on Nov 11, 2015

CSAW Qualifiers: Lawn Care Simulator Walkthrough

by John Poulin on Sep 20, 2015

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

Time-Based Username Enumeration: Practical or Not?

by John Poulin on Jun 25, 2015

A Survey of Google Trusted Stores

by John Poulin on May 19, 2015

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

5 Tips for Secure, Online Shopping

by John Poulin on Dec 17, 2014

Understanding Rails' protect_from_forgery

by John Poulin on Sep 10, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

Trusting the Web

by John Poulin on Apr 11, 2014

Reflected XSS Vulnerability in Twitter-Bootstrap-Rails (CVE-2014-4920)

by John Poulin on Mar 28, 2014

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

Jonn Callahan

AWS re:Invent reCap

by John Poulin on Dec 06, 2017

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

Secure File Uploads

by Jonn Callahan on Oct 13, 2015

Advanced SQL Injection

by Jonn Callahan on Jun 17, 2015

KMS

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Kashti

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Kata Containers

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Ken Johnson

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

nVisium's Code Remediation Service

by Ken Johnson on Oct 21, 2015

You. Yes you. Read this!

by Ken Johnson on May 18, 2015

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

Too much information (TMI) & Rails as_json method

by Ken Johnson on Apr 04, 2014

Amazon Cloudfront URL Signing, Rails, and JWPlayer

by Ken Johnson on Mar 07, 2014

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

Insecure Mass Assignment Prevention - Mongoose & Node.js

by Ken Johnson on Jan 17, 2014

Railsgoat and Ruby on Rails Security

by Ken Johnson on Jun 10, 2013

Kindle Fire Security, Part III- Making Purchases With A Deregistered Device

by Ken Johnson on Dec 18, 2011

Kindle Fire Security, Part II- ADB, DropBox Manager

by Ken Johnson on Nov 22, 2011

Kindle Fire Security- Initial Thoughts

by Ken Johnson on Nov 16, 2011

Blackbox Vs. Whitebox Mobile Security Testing

by Ken Johnson on Jun 07, 2011

Revisiting Android TapJacking

by Ken Johnson on May 26, 2011

Exploitable Mobile App Challenge- Submission Period Extended!

by Ken Johnson on May 20, 2011

Exploitable Mobile App Challenge- Now Open!!

by Ken Johnson on Apr 12, 2011

Exploitable Mobile App Challenge

by Ken Johnson on Mar 24, 2011

Welcome To Our Blog

by Ken Johnson on Mar 04, 2011

Ken Toler

Intro to BurpSuite, Part VI: Burpsuite Sequencer

by Ken Toler on Jul 09, 2015

Node.js: Put a Helmet on...

by Ken Toler on Mar 12, 2015

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

Intro to Burp Part II: Sighting in your Burp Scope

by Ken Toler on Feb 21, 2014

Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy

by Ken Toler on Jan 10, 2014

Kubecon

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Kubernetes

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Kubernetes Security

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Kyle Rippee

CAPTCHA: What? Why? Build. Break.

by Kyle Rippee on Mar 02, 2016

Lambda

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

Lambda@Edge

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

Logging

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Marcus Richardson

The AppSec Newb’s Journey Part II: Lessons I’ve Learned

by Marcus Richardson on Nov 19, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Marjorie Meadors

A More Secure Development Lifecycle IV: Secure Design Techniques

by Marjorie Meadors on May 30, 2014

A More Secure Development Lifecycle III: Requirements Gathering Techniques

by Marjorie Meadors on May 23, 2014

A More Secure Development Lifecycle II: Requirements

by Marjorie Meadors on May 16, 2014

A More Secure Development Lifecycle I: Introduction

by Marjorie Meadors on Mar 21, 2014

Metaparticle

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Microservice Security

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Microservices

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Mike McCabe

Golang Security and Concurrency

by Cyrus Malekpour & Mike McCabe on Jul 16, 2015

Don't Break Your Backbone: XSS mitigation in Backbone.JS

by Anand Vemuri & Mike McCabe on May 21, 2015

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Hiring Unicorns

by Mike McCabe on Apr 18, 2014

Burp App Store

by Mike McCabe on Mar 14, 2014

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

Mobile

Don't Touch Me That Way

by David Lindner on Jun 22, 2016

Mobile Security Training

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Netty

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Nikhil Charles

Crossed by Cross-Site-Scripting: Exploring the Impact of XSS

by Nikhil Charles on Sep 11, 2015

Node.js

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

OCI

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

OCR

CAPTCHA: What? Why? Build. Break.

by Kyle Rippee on Mar 02, 2016

OWASP

Why Mobile Application Security?

by David Lindner on Mar 14, 2018

Three Reasons Why You Should Consider Attending the OWASP Summit 2018

by Brian Glas on Jun 29, 2017

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

OWASP Dependency Check

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

OWASP Mobile Top Ten

Why Mobile Application Security?

by David Lindner on Mar 14, 2018

OWASP Summit 2017

Three Reasons Why You Should Consider Attending the OWASP Summit 2018

by Brian Glas on Jun 29, 2017

OWASP Top 10

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Three Reasons Why You Should Consider Attending the OWASP Summit 2018

by Brian Glas on Jun 29, 2017

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Objective-C

Don't Touch Me That Way

by David Lindner on Jun 22, 2016

On-Demand Training

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Patrick Cooley

Docker Cache: Friend or Foe?

by Patrick Cooley on Oct 15, 2014

Challenges of Mobile API Signature Forgery with Burp Intruder

by Patrick Cooley on Feb 07, 2014

Penetration Testing

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Pentesting

AppSec Basics: Your First Pentest

by David Coursey on Feb 09, 2017

Play 2.6

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Play Framework

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Play Framework Security

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

PodSecurityPolicy

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Preparation

AppSec Basics: Your First Pentest

by David Coursey on Feb 09, 2017

Presentation

I presented my first talk at an InfoSec conference and lived to tell the tale

by Ryan Reid on Sep 27, 2017

Privacy

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Public Speaking

I presented my first talk at an InfoSec conference and lived to tell the tale

by Ryan Reid on Sep 27, 2017

Python

Secure File Uploads

by Jonn Callahan on Oct 13, 2015

RBAC

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Rails

Rails Dynamic Render to RCE (CVE-2016-0752)

by John Poulin on Jan 26, 2016

Rails Security

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Razor

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

Remote Code Execution

Rails Dynamic Render to RCE (CVE-2016-0752)

by John Poulin on Jan 26, 2016

Render

Rails Dynamic Render to RCE (CVE-2016-0752)

by John Poulin on Jan 26, 2016

Rich Grimes

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

Risks

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Role-Based Access Control

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Ruby On Rails

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Ruby on Rails

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Ryan Reid

Injecting Flask

by Ryan Reid on Dec 07, 2015

SAMM

Three Reasons Why You Should Consider Attending the OWASP Summit 2018

by Brian Glas on Jun 29, 2017

SDLC

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

SQL Injection

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

SameSite Cookies

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Scala

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Scala Security

Play 2.6 Security Analysis

by Jack Mannino on Oct 04, 2017

Seccomp

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Secrets Management

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Secure Code Training

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Secure Development

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Security

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Security Scanner

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Serverless

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Seth Law

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

Exploration of the Apple Watch Backup Files

by Seth Law & Jerrick Davis on May 28, 2015

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

Soft-Skills

I presented my first talk at an InfoSec conference and lived to tell the tale

by Ryan Reid on Sep 27, 2017

Software

Securing GitHub Commits With GPG Signing

by John Poulin on Jun 21, 2017

Software Security

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

Static Analysis

CodeBuild, Brakeman, and CodePipeline

by Ken Johnson on Mar 15, 2017

Stefan Edwards

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

Swift

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Tania Ryseck

SecCasts Live: Beyond the Pentest – The Evolving Security Landscape

by Tania Ryseck on Jun 04, 2015

The Golden Circle

by Tania Ryseck on Nov 12, 2014

10 Indicators You Know You Work for nVisium

by Tania Ryseck on Sep 03, 2014

Terraform

Migrating to Microservices: Securely & Safely

by Jack Mannino on Nov 16, 2017

Tim Tomes

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

Exploring SSTI in Flask/Jinja2, Part II

by Tim Tomes on Mar 11, 2016

Exploring SSTI in Flask/Jinja2

by Tim Tomes on Mar 09, 2016

Regex: Regularly Exploitable

by Tim Tomes on Jun 11, 2015

Method Interchange: The Forgotten Vulnerability

by Tim Tomes on May 12, 2015

Top 10

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Training

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Virtual Kubelets

Cloud-Native Insights from Kubecon 2017

by Jack Mannino on Dec 11, 2017

Vulnerabilities

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Web Application Penetration Testing

Introducing the nVisium On-Demand Training Platform

by Jack Mannino on Mar 02, 2017

Web Application Security

Musings on the OWASP Top 10 2017 RC1 Part 2: The Data

by Brian Glas on Apr 24, 2017

Musings on the OWASP Top 10 2017 RC1

by Brian Glas on Apr 18, 2017

Web Security

OWASP Top 10 2007-2017: The Fall of CSRF

by Jack Mannino on Nov 30, 2017

Webhooks

Event-Driven Kubernetes Security: Bringing in the Brigade

by Jack Mannino on Nov 07, 2017

XCode

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

activerecord

Using the Rails 5 Attributes API Today, in Rails 4.2

by Ernie Miller on Jun 22, 2015

amazon web services

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

amazon-aws

Amazon Cloudfront URL Signing, Rails, and JWPlayer

by Ken Johnson on Mar 07, 2014

amazon-kindle-fire

Kindle Fire Security, Part III- Making Purchases With A Deregistered Device

by Ken Johnson on Dec 18, 2011

Kindle Fire Security, Part II- ADB, DropBox Manager

by Ken Johnson on Nov 22, 2011

Kindle Fire Security- Initial Thoughts

by Ken Johnson on Nov 16, 2011

analysis

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

android

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

Automated Android APK Unpacking

by nVisium Team on Feb 28, 2014

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Kindle Fire Security, Part III- Making Purchases With A Deregistered Device

by Ken Johnson on Dec 18, 2011

Kindle Fire Security, Part II- ADB, DropBox Manager

by Ken Johnson on Nov 22, 2011

Kindle Fire Security- Initial Thoughts

by Ken Johnson on Nov 16, 2011

Revisiting Android TapJacking

by Ken Johnson on May 26, 2011

android network security

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

android security

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

android studio

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

android-security

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Kindle Fire Security, Part III- Making Purchases With A Deregistered Device

by Ken Johnson on Dec 18, 2011

Kindle Fire Security, Part II- ADB, DropBox Manager

by Ken Johnson on Nov 22, 2011

Kindle Fire Security- Initial Thoughts

by Ken Johnson on Nov 16, 2011

Revisiting Android TapJacking

by Ken Johnson on May 26, 2011

android-wear

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

angular-js

Security Challenge, Universal Studios, and Authorization in AngularJS

by Anand Vemuri on Nov 06, 2014

annotations

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

anorm

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

apkunpack

Automated Android APK Unpacking

by nVisium Team on Feb 28, 2014

apple-watch

Exploration of the Apple Watch Backup Files

by Seth Law & Jerrick Davis on May 28, 2015

application security

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

application vulnerabilities

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

application-security

Crossed by Cross-Site-Scripting: Exploring the Impact of XSS

by Nikhil Charles on Sep 11, 2015

The Evil Side of JavaScript: Server-Side JavaScript Injection

by Anand Vemuri on Aug 27, 2015

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

Time-Based Username Enumeration: Practical or Not?

by John Poulin on Jun 25, 2015

Advanced SQL Injection

by Jonn Callahan on Jun 17, 2015

Regex: Regularly Exploitable

by Tim Tomes on Jun 11, 2015

SecCasts Live: Beyond the Pentest – The Evolving Security Landscape

by Tania Ryseck on Jun 04, 2015

Don't Break Your Backbone: XSS mitigation in Backbone.JS

by Anand Vemuri & Mike McCabe on May 21, 2015

You. Yes you. Read this!

by Ken Johnson on May 18, 2015

Method Interchange: The Forgotten Vulnerability

by Tim Tomes on May 12, 2015

Node.js: Put a Helmet on...

by Ken Toler on Mar 12, 2015

Synergies in Application Security Vulnerabilities: Part I

by Anand Vemuri on Dec 10, 2014

Developing Secure Applications with Golang

by Cyrus Malekpour on Nov 26, 2014

The AppSec Newb’s Journey Part II: Lessons I’ve Learned

by Marcus Richardson on Nov 19, 2014

Security Challenge, Universal Studios, and Authorization in AngularJS

by Anand Vemuri on Nov 06, 2014

The Balance Between UX and Security

by Hong Yi Dong on Oct 23, 2014

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

Too much information (TMI) & Rails as_json method

by Ken Johnson on Apr 04, 2014

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Insecure Mass Assignment Prevention - Mongoose & Node.js

by Ken Johnson on Jan 17, 2014

Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy

by Ken Toler on Jan 10, 2014

Blackbox Vs. Whitebox Mobile Security Testing

by Ken Johnson on Jun 07, 2011

appsec

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

appsec-newb-journey

The AppSec Newb’s Journey Part II: Lessons I’ve Learned

by Marcus Richardson on Nov 19, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

appsecusa

The AppSec Newb’s Journey Part II: Lessons I’ve Learned

by Marcus Richardson on Nov 19, 2014

architecture

AWS re:Invent reCap

by John Poulin on Dec 06, 2017

assessments

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

Intro to Burp Part II: Sighting in your Burp Scope

by Ken Toler on Feb 21, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

Blackbox Vs. Whitebox Mobile Security Testing

by Ken Johnson on Jun 07, 2011

audio

Fun with CAPTCHA - Pt I

by Jonn Callahan on Feb 23, 2017

automated-forced-browsing

Introducing SpyDir

by Ryan Reid on Jan 18, 2017

automation

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

aws

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

backbone-js

Don't Break Your Backbone: XSS mitigation in Backbone.JS

by Anand Vemuri & Mike McCabe on May 21, 2015

beef

Crossed by Cross-Site-Scripting: Exploring the Impact of XSS

by Nikhil Charles on Sep 11, 2015

bitcoin

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

bitcoin mining

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

brakeman

Understanding Rails' protect_from_forgery

by John Poulin on Sep 10, 2014

browser-security

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

burp

Introducing SpyDir

by Ryan Reid on Jan 18, 2017

Regex: Regularly Exploitable

by Tim Tomes on Jun 11, 2015

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

Burp App Store

by Mike McCabe on Mar 14, 2014

Intro to Burp Part II: Sighting in your Burp Scope

by Ken Toler on Feb 21, 2014

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

Challenges of Mobile API Signature Forgery with Burp Intruder

by Patrick Cooley on Feb 07, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy

by Ken Toler on Jan 10, 2014

burp suite

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

burp-extensions

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

Burp App Store

by Mike McCabe on Mar 14, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

burp-suite

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

Intro to BurpSuite, Part VI: Burpsuite Sequencer

by Ken Toler on Jul 09, 2015

Regex: Regularly Exploitable

by Tim Tomes on Jun 11, 2015

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

Burp App Store

by Mike McCabe on Mar 14, 2014

Intro to Burp Part II: Sighting in your Burp Scope

by Ken Toler on Feb 21, 2014

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

Challenges of Mobile API Signature Forgery with Burp Intruder

by Patrick Cooley on Feb 07, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy

by Ken Toler on Jan 10, 2014

burp-suite-extension

Introducing SpyDir

by Ryan Reid on Jan 18, 2017

caja

Node.js: Put a Helmet on...

by Ken Toler on Mar 12, 2015

captcha

Fun with CAPTCHA - Pt I

by Jonn Callahan on Feb 23, 2017

cassandra

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

certificate pinning

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

cluster computing

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

coap

Implementing CoAP The Secure Way, Part I: Fundamentals

by Jack Mannino on May 27, 2015

code

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

codenarc

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

computer science

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

concurrency

Golang Security and Concurrency

by Cyrus Malekpour & Mike McCabe on Jul 16, 2015

conference

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

consulting

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

cookies

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

core-data

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

cpu degradation

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

cpu performance

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

cross-site-scripting

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

Reflected XSS Vulnerability in Twitter-Bootstrap-Rails (CVE-2014-4920)

by John Poulin on Mar 28, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

csaw

CSAW Qualifiers: Lawn Care Simulator Walkthrough

by John Poulin on Sep 20, 2015

csrf

A Survey of Google Trusted Stores

by John Poulin on May 19, 2015

Synergies in Application Security Vulnerabilities: Part I

by Anand Vemuri on Dec 10, 2014

Understanding Rails' protect_from_forgery

by John Poulin on Sep 10, 2014

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

custom headers

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

data validation

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

debug

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

deserializers

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

design

The Balance Between UX and Security

by Hong Yi Dong on Oct 23, 2014

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

development

What to Expect When You're Overriding

by Ernie Miller on Dec 21, 2015

Developing Secure Applications with Golang

by Cyrus Malekpour on Nov 26, 2014

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

nVisium Welcomes Seth Law as the Director of Research and Development!

by The nVisium Team on Jun 30, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

A More Secure Development Lifecycle IV: Secure Design Techniques

by Marjorie Meadors on May 30, 2014

A More Secure Development Lifecycle III: Requirements Gathering Techniques

by Marjorie Meadors on May 23, 2014

A More Secure Development Lifecycle II: Requirements

by Marjorie Meadors on May 16, 2014

Too much information (TMI) & Rails as_json method

by Ken Johnson on Apr 04, 2014

A More Secure Development Lifecycle I: Introduction

by Marjorie Meadors on Mar 21, 2014

Automated Android APK Unpacking

by nVisium Team on Feb 28, 2014

Challenges of Mobile API Signature Forgery with Burp Intruder

by Patrick Cooley on Feb 07, 2014

devise

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

diversity

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

django

Introducing Django.nV: An Intentionally Vulnerable Django Application

by nVisium Team on Aug 13, 2015

Method Interchange: The Forgotten Vulnerability

by Tim Tomes on May 12, 2015

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

django-nv

Introducing Django.nV: An Intentionally Vulnerable Django Application

by nVisium Team on Aug 13, 2015

docker

Docker Cache: Friend or Foe?

by Patrick Cooley on Oct 15, 2014

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

dot-net

Method Interchange: The Forgotten Vulnerability

by Tim Tomes on May 12, 2015

ec2

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

encryption

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

engineering

nVisium Welcomes Ernie Miller as the Director of Engineering!

by nVisium Team on Oct 06, 2014

entry-level

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

enumeration

Introducing SpyDir

by Ryan Reid on Jan 18, 2017

feedback

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

firefox

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

flask

Injecting Flask

by Ryan Reid on Dec 07, 2015

flow logs

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

formal

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

formal verification

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

format-string-injection

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

foxyproxy

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

geddy

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

getting-started-with-android-wear-security

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

go

Golang Security and Concurrency

by Cyrus Malekpour & Mike McCabe on Jul 16, 2015

Developing Secure Applications with Golang

by Cyrus Malekpour on Nov 26, 2014

golang

Golang Security and Concurrency

by Cyrus Malekpour & Mike McCabe on Jul 16, 2015

Developing Secure Applications with Golang

by Cyrus Malekpour on Nov 26, 2014

google

A Survey of Google Trusted Stores

by John Poulin on May 19, 2015

google-trusted-store

A Survey of Google Trusted Stores

by John Poulin on May 19, 2015

gorilla-toolkit

Developing Secure Applications with Golang

by Cyrus Malekpour on Nov 26, 2014

grails

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team on Jun 13, 2014

grails-nv

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team on Jun 13, 2014

groovy

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team on Jun 13, 2014

hacker

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

hackthissite-org

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

helmet

Node.js: Put a Helmet on...

by Ken Toler on Mar 12, 2015

hive

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

hoare logic

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

hr

Hiring Unicorns

by Mike McCabe on Apr 18, 2014

hsts

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

iOS

Why Mobile Application Security?

by David Lindner on Mar 14, 2018

Secure Mobile Development Training - On-Demand, Gamified, and Engaging

by Jack Mannino on Jun 26, 2017

Don't Touch Me That Way

by David Lindner on Jun 22, 2016

ids

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

ifunbox

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

information security

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

injection

The Evil Side of JavaScript: Server-Side JavaScript Injection

by Anand Vemuri on Aug 27, 2015

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

instance performance

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

integration

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

internet-of-things

Welcome, David Lindner!

by nVisium Team on Oct 06, 2015

Implementing CoAP The Secure Way, Part I: Fundamentals

by Jack Mannino on May 27, 2015

intro-to-burp-suite

Intro to BurpSuite, Part VI: Burpsuite Sequencer

by Ken Toler on Jul 09, 2015

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

Intro to Burp Part II: Sighting in your Burp Scope

by Ken Toler on Feb 21, 2014

Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy

by Ken Toler on Jan 10, 2014

intruder

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

Challenges of Mobile API Signature Forgery with Burp Intruder

by Patrick Cooley on Feb 07, 2014

intrusion detection system

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

ios

Exploration of the Apple Watch Backup Files

by Seth Law & Jerrick Davis on May 28, 2015

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

iot

Implementing CoAP The Secure Way, Part I: Fundamentals

by Jack Mannino on May 27, 2015

java

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

javascript

The Evil Side of JavaScript: Server-Side JavaScript Injection

by Anand Vemuri on Aug 27, 2015

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

Don't Break Your Backbone: XSS mitigation in Backbone.JS

by Anand Vemuri & Mike McCabe on May 21, 2015

Security Challenge, Universal Studios, and Authorization in AngularJS

by Anand Vemuri on Nov 06, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

jdbc

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

js

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

jwplayer

Amazon Cloudfront URL Signing, Rails, and JWPlayer

by Ken Johnson on Mar 07, 2014

k8s

Securing Kubernetes: Going from k8s to k8sec

by Jack Mannino on Oct 24, 2017

kevin cody

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

kindle-fire-security

Kindle Fire Security, Part III- Making Purchases With A Deregistered Device

by Ken Johnson on Dec 18, 2011

Kindle Fire Security, Part II- ADB, DropBox Manager

by Ken Johnson on Nov 22, 2011

Kindle Fire Security- Initial Thoughts

by Ken Johnson on Nov 16, 2011

lg-g-watch

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

machine learning

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

mailchimp

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

man-in-the-middle

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

managing

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

mandrill

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

mass-assignment

Insecure Mass Assignment Prevention - Mongoose & Node.js

by Ken Johnson on Jan 17, 2014

mean

Security Challenge, Universal Studios, and Authorization in AngularJS

by Anand Vemuri on Nov 06, 2014

mitm

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

ml

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

mobile

Why Mobile Application Security?

by David Lindner on Mar 14, 2018

Welcome, David Lindner!

by nVisium Team on Oct 06, 2015

Exploration of the Apple Watch Backup Files

by Seth Law & Jerrick Davis on May 28, 2015

mobile application security

Why Mobile Application Security?

by David Lindner on Mar 14, 2018

mobile penetration testing

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

mobile security

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

mobile-security

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

Dating Securely In The Mobile Age

by Abdullah Munawar & Jack Mannino on Jun 23, 2014

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

Android Assessments with GenyMotion + Burp

by Abdullah Munawar on Jan 24, 2014

Kindle Fire Security, Part III- Making Purchases With A Deregistered Device

by Ken Johnson on Dec 18, 2011

Kindle Fire Security, Part II- ADB, DropBox Manager

by Ken Johnson on Nov 22, 2011

OWASP Top 10 Mobile Risks

by Jack Mannino on Sep 27, 2011

Revisiting Android TapJacking

by Ken Johnson on May 26, 2011

Exploitable Mobile App Challenge- Submission Period Extended!

by Ken Johnson on May 20, 2011

Exploitable Mobile App Challenge- Now Open!!

by Ken Johnson on Apr 12, 2011

Exploitable Mobile App Challenge

by Ken Johnson on Mar 24, 2011

modeling

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

mongodb

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

Insecure Mass Assignment Prevention - Mongoose & Node.js

by Ken Johnson on Jan 17, 2014

newbie

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

node-js

Node.js: Put a Helmet on...

by Ken Toler on Mar 12, 2015

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Insecure Mass Assignment Prevention - Mongoose & Node.js

by Ken Johnson on Jan 17, 2014

nougat security

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

nvisium

nVisium's Code Remediation Service

by Ken Johnson on Oct 21, 2015

nVisium Makes Inc.'s 500 Fastest Growing Private Companies

by nVisium Team on Aug 12, 2015

The Golden Circle

by Tania Ryseck on Nov 12, 2014

nVisium: The First Five Years

by Jack Mannino on Oct 28, 2014

nVisium Welcomes Ernie Miller as the Director of Engineering!

by nVisium Team on Oct 06, 2014

10 Indicators You Know You Work for nVisium

by Tania Ryseck on Sep 03, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

nVisium Welcomes Seth Law as the Director of Research and Development!

by The nVisium Team on Jun 30, 2014

Hiring Unicorns

by Mike McCabe on Apr 18, 2014

Welcoming Our New COO

by Mike McCabe on Feb 03, 2014

New year, new goals, new-ish blog

by Mike McCabe on Jan 08, 2014

Exploitable Mobile App Challenge- Submission Period Extended!

by Ken Johnson on May 20, 2011

Exploitable Mobile App Challenge- Now Open!!

by Ken Johnson on Apr 12, 2011

Exploitable Mobile App Challenge

by Ken Johnson on Mar 24, 2011

Welcome To Our Blog

by Ken Johnson on Mar 04, 2011

open-source

Introducing Django.nV: An Intentionally Vulnerable Django Application

by nVisium Team on Aug 13, 2015

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team on Jun 13, 2014

Automated Android APK Unpacking

by nVisium Team on Feb 28, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

Railsgoat and Ruby on Rails Security

by Ken Johnson on Jun 10, 2013

organization

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

owasp

Golang Security and Concurrency

by Cyrus Malekpour & Mike McCabe on Jul 16, 2015

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

Railsgoat and Ruby on Rails Security

by Ken Johnson on Jun 10, 2013

OWASP Top 10 Mobile Risks

by Jack Mannino on Sep 27, 2011

Exploitable Mobile App Challenge- Submission Period Extended!

by Ken Johnson on May 20, 2011

Exploitable Mobile App Challenge- Now Open!!

by Ken Johnson on Apr 12, 2011

Exploitable Mobile App Challenge

by Ken Johnson on Mar 24, 2011

penetration testing

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

php

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

Method Interchange: The Forgotten Vulnerability

by Tim Tomes on May 12, 2015

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

play

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

AppSec California Recap

by Jack Mannino & Mike McCabe & Ken Johnson on Jan 30, 2014

portswigger

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

press-releases

nVisium Welcomes Ernie Miller as the Director of Engineering!

by nVisium Team on Oct 06, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

privacy

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

protecting-third-party-services

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

python

Injecting Flask

by Ryan Reid on Dec 07, 2015

Introducing Django.nV: An Intentionally Vulnerable Django Application

by nVisium Team on Aug 13, 2015

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

r-and-d

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

nVisium Welcomes Seth Law as the Director of Research and Development!

by The nVisium Team on Jun 30, 2014

rails

Using the Rails 5 Attributes API Today, in Rails 4.2

by Ernie Miller on Jun 22, 2015

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

Understanding Rails' protect_from_forgery

by John Poulin on Sep 10, 2014

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

Too much information (TMI) & Rails as_json method

by Ken Johnson on Apr 04, 2014

Reflected XSS Vulnerability in Twitter-Bootstrap-Rails (CVE-2014-4920)

by John Poulin on Mar 28, 2014

Amazon Cloudfront URL Signing, Rails, and JWPlayer

by Ken Johnson on Mar 07, 2014

Railsgoat and Ruby on Rails Security

by Ken Johnson on Jun 10, 2013

railsgoat

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Railsgoat and Ruby on Rails Security

by Ken Johnson on Jun 10, 2013

re:Invent

re:Invent Recap

by AWS Consulting Team on Dec 08, 2016

reInvent

AWS re:Invent reCap

by John Poulin on Dec 06, 2017

reactive

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

redis

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

regex

Regex: Regularly Exploitable

by Tim Tomes on Jun 11, 2015

research

nVisium Welcomes Seth Law as the Director of Research and Development!

by The nVisium Team on Jun 30, 2014

response headers

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

rooting

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

ruby

What to Expect When You're Overriding

by Ernie Miller on Dec 21, 2015

Using the Rails 5 Attributes API Today, in Rails 4.2

by Ernie Miller on Jun 22, 2015

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

Understanding Rails' protect_from_forgery

by John Poulin on Sep 10, 2014

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

Deobfuscate Client Side Cookies

by Ken Johnson on Jun 06, 2014

Automated Android APK Unpacking

by nVisium Team on Feb 28, 2014

ruby-on-rails

Mandrill, Devise, and Mailchimp Templates

by Ken Johnson on Oct 08, 2014

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

samsung-gear-live

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

sanitizer

Node.js: Put a Helmet on...

by Ken Toler on Mar 12, 2015

scala

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

scraping captcha

Fun with CAPTCHA - Pt I

by Jonn Callahan on Feb 23, 2017

sdlc

A More Secure Development Lifecycle IV: Secure Design Techniques

by Marjorie Meadors on May 30, 2014

A More Secure Development Lifecycle III: Requirements Gathering Techniques

by Marjorie Meadors on May 23, 2014

A More Secure Development Lifecycle II: Requirements

by Marjorie Meadors on May 16, 2014

A More Secure Development Lifecycle I: Introduction

by Marjorie Meadors on Mar 21, 2014

seccasts

Time-Based Username Enumeration: Practical or Not?

by John Poulin on Jun 25, 2015

SecCasts Live: Beyond the Pentest – The Evolving Security Landscape

by Tania Ryseck on Jun 04, 2015

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

security

Static Analysis of Grails Applications with CodeNarc

by Cyrus Malekpour & Seth Law on Jun 18, 2015

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

Intro to BurpSuite Part IV: Being Intrusive

by Ken Toler on Jul 23, 2014

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team on Jun 13, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

security headers

Lambda@Edge, CloudFront, and Custom Response Headers

by Jonn Callahan on Aug 10, 2017

security testing

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

server-side-template-injection

Injecting Flask

by Ryan Reid on Dec 07, 2015

slick

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

sms

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

software security

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

source code review

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

spot fleets

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

spot instances

CPU Degradation and EC2 Spot Fleets OR Why Don't My Miners Run At 100%?

by Jonn Callahan on Feb 12, 2018

spring

Method Interchange: The Forgotten Vulnerability

by Tim Tomes on May 12, 2015

sql-injection

Advanced SQL Injection

by Jonn Callahan on Jun 17, 2015

Scala-Flavored Assortment of Play Injection Prevention Techniques, Part I: SQL

by Jack Mannino on Jan 28, 2015

sql-server

Advanced SQL Injection

by Jonn Callahan on Jun 17, 2015

sqlite

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

ssl

5 Tips for Secure, Online Shopping

by John Poulin on Dec 17, 2014

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

static analysis

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

static-analysis

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

swift

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

Swift Core Data Format String Injection

by Seth Law on Jul 30, 2014

swift-nv

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

swift-nv-tutorial

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

task

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

technology

nVisium Welcomes Seth Law as the Director of Research and Development!

by The nVisium Team on Jun 30, 2014

testing

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

iOS Assessments with Burp + iFunBox + SQLite

by Abdullah Munawar on Aug 06, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Intro to BurpSuite: Part III - It's all about Repetition!

by Ken Toler on May 09, 2014

third-party

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

throttling

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

tls

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

tooling

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

tools

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

training

nVisium Announces Swift.nV

by nVisium Team on Aug 20, 2014

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team on Jun 13, 2014

transport layer protection

Advantages and Disadvantages of Android N+ Network Security Configuration

by Kevin Cody on Jul 12, 2017

tutorial

Swift.nV Tutorial Part I: Setup, Insecure Data Storage, and Unintended Data Leakage

by Seth Law on Sep 12, 2014

twitter-bootstrap-rails

Reflected XSS Vulnerability in Twitter-Bootstrap-Rails (CVE-2014-4920)

by John Poulin on Mar 28, 2014

type systems

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

types

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

ui

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

universal-studios

Security Challenge, Universal Studios, and Authorization in AngularJS

by Anand Vemuri on Nov 06, 2014

ux

The Balance Between UX and Security

by Hong Yi Dong on Oct 23, 2014

The Role of a Designer in an Application Security Company

by Hong Yi Dong on Jul 16, 2014

vagrant

An Update on Railsgoat: Vagrant/Docker

by Mike McCabe on Sep 24, 2014

validation

Dude, Where’s My Request Validation?

by Rich Grimes on Aug 08, 2017

verification

Of Airbags and Modeling, Part 0

by Stefan Edwards on Jul 18, 2017

vpc

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

vpc flow logs

Machine Learning vs Cryptocoin Miners -- Part 1

by Jonn Callahan on Apr 25, 2018

wearables

Getting Started with Android Wear Security I: Introduction

by Jack Mannino on Jul 11, 2014

web

Using Burp Intruder to Test CSRF Protected Applications

by John Poulin on Feb 14, 2014

web application security

Handling Missed Vulnerabilities

by Tim Tomes on Apr 05, 2017

web-security

Protecting Third-Party Services I: SMS Gateways

by John Poulin on Jul 03, 2014

Is Your Site HSTS Enabled?

by Geller Bedoya on Apr 25, 2014

Trusting the Web

by John Poulin on Apr 11, 2014

webgoat

The AppSec Newb’s Journey Part I: Welcome to AppSec

by Marcus Richardson on Aug 27, 2014

webgoat-net

Intro to BurpSuite V: Extracting Intrusions

by Ken Toler on Aug 13, 2014

women in technology

DEF CON - Is It Really That Scary?

by Amy McElroy and Clea Ostendorf on Aug 03, 2017

xss

Crossed by Cross-Site-Scripting: Exploring the Impact of XSS

by Nikhil Charles on Sep 11, 2015

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

Don't Break Your Backbone: XSS mitigation in Backbone.JS

by Anand Vemuri & Mike McCabe on May 21, 2015

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

Synergies in Application Security Vulnerabilities: Part I

by Anand Vemuri on Dec 10, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

Javascript Security Tools

by Mike McCabe on Jun 27, 2014

Reflected XSS Vulnerability in Twitter-Bootstrap-Rails (CVE-2014-4920)

by John Poulin on Mar 28, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

xssvalidator

Mitigating JavaScript context Cross-Site Scripting in PHP

by John Poulin on Jul 30, 2015

xssValidator v1.3.0 Released

by John Poulin on Dec 31, 2014

xssValidator v1.2.0 Released

by John Poulin on Aug 29, 2014

Accurate XSS Detection with BurpSuite and PhantomJS

by John Poulin on Jan 31, 2014

youtube

The AppSec Newb’s Journey Part II: Lessons I’ve Learned

by Marcus Richardson on Nov 19, 2014