Application security has become an important topic within our organizations. We have come to understand that the data that we deem sensitive and critical to our business is made available through these applications. With breaches happening all the time, it is critical to take reasonable steps to help protect that data by ensuring that our applications are implementing strong controls. Over the years, testing has been the main avenue for "implementing" security into applications. We have seen a … [Read more...] about Thinking about starting a bug bounty? Do this first.
application security
Overview of Web Security Policies
A vulnerability was just identified in your website. How would you know? The process of vulnerability disclosure to an organization is often very difficult to identify. Whether you are offering any type of bounty for security bugs or not, it is important that there is a clear path for someone to notify you of a potential concern. Unfortunately, the process is different on every application and it can be very difficult to find it. For someone that is just trying to help out, it can be very … [Read more...] about Overview of Web Security Policies
Installing BeEF on ubuntu 18.04
While working on a VM for a class, I had the opportunity to install BeEF for the students. This was the first VM I have built using Ubuntu 18.04, so I expected there to be a few hiccups along the way. The good news is that the process was pretty straight forward and simple. Here are the steps to getting this up and running on Ubuntu 18.04. https://youtu.be/hD_JRo7YPcg I started off by creating a new virtual machine using Ubuntu 18.04. I won't go through the steps of creating a new virtual … [Read more...] about Installing BeEF on ubuntu 18.04
Ep. 101: You’re not always right and that is ok
In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. … [Read more...] about Ep. 101: You’re not always right and that is ok
Ep. 100: Choosing Security Tools
In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment. For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to … [Read more...] about Ep. 100: Choosing Security Tools
Choosing Application Security Tools
There are lots of security tools available, so how do you know which one to pick? If your security team is not including the application teams in the decision, you run a big risk of failure. The security team does get the ability to form relationships with vendors. We see them at conferences. We know people that work there. Because our focus is on security, we know the tools that exist in our space and we have an idea of which ones may be better than others. Of course, this is often due to … [Read more...] about Choosing Application Security Tools