I’ve said it a million times. Passwords are the bane of a developer’s existence. Authentication is incredibly complicated, and much of that rests around password storage. I highly recommend …

If you have ever tried to secure a development environment, you know that it is an incredibly challenging task. Developers often need administrative privileges in order to install and …

SamuraiWTF, short for the Samurai Web Testing Framework, is a virtual machine designed for application security professionals. SamuraiWTF is similar in nature to Kali, but it is trimmed down …

In a previous post, I discussed the process of code signing a .NET Core assembly with a digital certificate. In it, I mentioned three methods of utilizing SignTool.exe to …

There are many ways to fend off malware. Perhaps the most effective way to accomplish this is via whitelisting. An organization can designate which assemblies can be executed in …

I’ve said it before and I’ll say it again – passwords are dangerous. Authentication and authorization subsystems are hard to build and are difficult to protect. If you are …

In a previous blog post, I discussed several pitfalls of information disclosure during registration and authentication and how difficult it is to prevent them. In this article, I’m going …

If you read my previous post regarding Common Information Disclosure Vulnerabilities During Registration and Authentication, then you know how difficult it is to prevent user enumeration. Most developers seem …

Traffic can make or break your website. Too little indicates your website is underused and unpopular. Too much can overwhelm your business. Or it could mean your website is …

Let’s face it. We all have secrets. That’s not necessarily a bad thing. There are just certain pieces of information you don’t want everyone to know – your phone …