Category: Application Security

SamuraiWTF, short for the Samurai Web Testing Framework, is a virtual machine designed for application security professionals. SamuraiWTF is similar in nature to Kali, but it is trimmed down …

In a previous post, I discussed the process of code signing a .NET Core assembly with a digital certificate. In it, I mentioned three methods of utilizing SignTool.exe to …

There are many ways to fend off malware. Perhaps the most effective way to accomplish this is via whitelisting. An organization can designate which assemblies can be executed in …

I’ve said it before and I’ll say it again – passwords are dangerous. Authentication and authorization subsystems are hard to build and are difficult to protect. If you are …

In a previous blog post, I discussed several pitfalls of information disclosure during registration and authentication and how difficult it is to prevent them. In this article, I’m going …

If you read my previous post regarding Common Information Disclosure Vulnerabilities During Registration and Authentication, then you know how difficult it is to prevent user enumeration. Most developers seem …

Traffic can make or break your website. Too little indicates your website is underused and unpopular. Too much can overwhelm your business. Or it could mean your website is …

Let’s face it. We all have secrets. That’s not necessarily a bad thing. There are just certain pieces of information you don’t want everyone to know – your phone …

One of the great benefits of utilizing OAuth 2.0 is that your application totally outsources its authentication responsibility. The result is that the client simply passes an access token …

With the promotion of WebAuthn to an official web standard, it’s only a matter of time before software developers begin to take advantage of its perks. If you aren’t …