In Redpoint Security’s existence as an application security firm, we have seen a range of clientele who manifest a whole host of differences: development teams and applications that range remarkably small and large, different levels of security maturity, compliance requirements that are relatively lax as opposed to highly demanding with a rapidly rushing SLA (Service-Level […]
Training Devs for a new OWASP Top Ten
What we learned from adapting our Application Security 101 course Background: The OWASP Top Ten – An Awareness Document The OWASP Top Ten is a widely-used guide developed by the fine folks at the Open Web Application Security Project that provides a list of the common and critical vulnerabilities in web applications. First published in […]
Ransomware as a Service
“Addressing Ransomware in Organizations and Application Security” [For an attacker], where there’s an absence from technical protection, there’s always the presence of human error. -KEN JOHNSON Ransomware is everywhere! The international news regarding the May 2021 ransomware attack on Colonial Pipeline and the subsequent service shutoff affecting consumers throughout the U.S. southeast put launched ransomware […]
A Client-Side Solve: Browser Sanitization APIs
Could Browser Sanitization APIs mean a new era of client-side security? In April 2021, Google and Firefox both announced that a sanitization api would be integrated within their browsers. Ken Johnson (cktricky) and Seth Law (sethlaw) discussed these new developments on the Absolute Appsec podcast with a good deal more sanguinity than regular podcast listeners […]