• Skip to main content
  • Skip to primary sidebar

Redpoint Security

Helping security professionals and developers navigate the infosec world.

  • SERVICES
    • Assessment Services
      • Application Security Assessment
      • Secure-Code Review
      • Hybrid Application Security Assessment
      • Mobile Application Security Assessment
      • Web3 Assessments / Smart Contracts
    • Training
    • SDLC Consulting
    • Process Assessments
  • PRODUCTS
    • Surveyor™ – For Web Application Security
  • Industries
    • Finance
    • Software Development
    • Healthcare
    • Insurance
    • Web3
    • Ecommerce
  • RESOURCES
    • Blog
    • Absolute AppSec podcast
    • Open-Source Projects
  • About Us
    • Redpoint’s Story
    • About our team
    • Contact Page

Redpoint Security Blog

AppSec Travels Part I: Function Overload

March 8, 2024 by redpointsec

Token Caching This is our first blog of AppSec Travels where we walk you through interesting findings we’ve discovered in vulnerability assessments. This will be on ongoing series without a regular cadence because frankly some assessments are perfunctory security checks lacking in exciting findings and we sort of doubt anyone wants to read findings write-ups […]

Filed Under: Appsec, AppSec Travels, Code Security, Findings Writeup

Training Devs for a new OWASP Top Ten

March 8, 2024 by Aaron Law

What we learned from adapting our Application Security 101 course Background: The OWASP Top Ten – An Awareness Document The OWASP Top Ten is a widely-used guide developed by the fine folks at the Open Web Application Security Project that provides a list of the common and critical vulnerabilities in web applications. First published in […]

Filed Under: Appsec, OWASP, Services, Training

Redpoint Services

February 23, 2024 by redpointsec

Application Security in 2024: A Look at Redpoint’s Service Offerings In today’s rapidly changing landscape of information security, protecting your applications is crucial. The statistics speak for themselves: data breaches can incur significant costs, with an average cost of $4 million per breach, according to IBM. It’s clear that the threat of exploitation is widely […]

Filed Under: Appsec, Code Security, Redpoint Assessment Process, Services

Redpoint and Code

February 22, 2024 by redpointsec

DangerouslySetInnerHtml strike through in code snippet.

Why code security by coders? The secret to comprehensive security is knowing how an attacker thinks and how a developer creates. The important thing to remember for finding and helping remedy security flaws, is that it requires assessments where our testers/researchers can toggle between two frames of mind. First, We look at your application like […]

Filed Under: Appsec, Code Security, Redpoint Assessment Process

Ransomware as a Service

February 22, 2024 by Matt Law

“Addressing Ransomware in Organizations and Application Security” [For an attacker], where there’s an absence from technical protection, there’s always the presence of human error. -KEN JOHNSON Ransomware is everywhere! The international news regarding the May 2021 ransomware attack on Colonial Pipeline and the subsequent service shutoff affecting consumers throughout the U.S. southeast put launched ransomware […]

Filed Under: Appsec, Opsec, Podcast, Ransomware

A Client-Side Solve: Browser Sanitization APIs

June 4, 2021 by Aaron Law

Could Browser Sanitization APIs mean a new era of client-side security? In April 2021, Google and Firefox both announced that a sanitization api would be integrated within their browsers. Ken Johnson (cktricky) and Seth Law (sethlaw) discussed these new developments on the Absolute Appsec podcast with a good deal more sanguinity than regular podcast listeners […]

Filed Under: Appsec, Podcast, Secure by Default Tagged With: Absolute Appsec, APIs, Browser Sanitization, Browsers, DOMPurify, Sanitization API, SQL Injection

  • « Go to Previous Page
  • Page 1
  • Page 2

Primary Sidebar

helping security professionals and developers navigate the infosec world

Relevant resources and lessons learned from our own experiences in the field.

Categories

  • AI in AppSec (1)
  • Appsec (12)
  • AppSec Career Path (3)
  • AppSec Travels (3)
  • Client-Side Code (1)
  • Code Security (7)
  • Conference Recaps (1)
  • Findings Writeup (3)
  • Journal (3)
  • Opsec (1)
  • OWASP (1)
  • Podcast (3)
  • Ransomware (1)
  • Redpoint Assessment Process (4)
  • Redpoint Security Interns (1)
  • Secure by Default (1)
  • Services (6)
  • Surveyor™ (1)
  • Training (2)

AppSec Travels 3: Account Takeover 

During a recent assessment, our team came upon a vulnerability that felt like finding a hidden door in a seemingly secure fortress. The discovery involved the password-reset mechanism of an application, allowing us to reset any user’s password with just their email address. This flaw circumvents authentication, giving unauthorized access to user accounts. Here’s how […]

AppSec Travels Part 2: Access-Control Bypass

What happens when combined technologies counteract security controls? This is another in Redpoint’s blog series AppSec Travels where we walk you through interesting findings we’ve discovered in vulnerability assessments. AppSec Travels is on ongoing series without a regular cadence because frankly some assessments are perfunctory security checks lacking in exciting findings and we sort of […]

Copyright © 2025