
Redpoint Security

Helping security professionals and developers navigate the infosec world.


Redpoint Security Blog

Ransomware as a Service

February 22, 2024 by Matt Law

“Addressing Ransomware in Organizations and Application Security”

[For an attacker], where there’s an absence from technical protection, there’s always the presence of human error. -KEN JOHNSON

Ransomware is everywhere! The international news regarding the May 2021 ransomware attack on Colonial Pipeline and the subsequent service shutoff affecting consumers throughout the U.S. southeast launched ransomware […]

Filed Under: Appsec, Opsec, Podcast, Ransomware

A Client-Side Solve: Browser Sanitization APIs

June 4, 2021 by Aaron Law

Could Browser Sanitization APIs mean a new era of client-side security? In April 2021, Google and Firefox both announced that a sanitization API would be integrated within their browsers. Ken Johnson (cktricky) and Seth Law (sethlaw) discussed these new developments on the Absolute AppSec podcast with a good deal more sanguinity than regular podcast listeners […]

Filed Under: Appsec, Podcast, Secure by Default Tagged With: Absolute Appsec, APIs, Browser Sanitization, Browsers, DOMPurify, Sanitization API, SQL Injection



Relevant resources and lessons learned from our own experiences in the field.


AppSec Travels 3: Account Takeover 

During a recent assessment, our team came upon a vulnerability that felt like finding a hidden door in a seemingly secure fortress. The discovery involved the password-reset mechanism of an application, allowing us to reset any user’s password with just their email address. This flaw circumvents authentication, giving unauthorized access to user accounts. Here’s how […]

AppSec Travels Part 2: Access-Control Bypass

What happens when combined technologies counteract security controls? This is another in Redpoint’s blog series AppSec Travels, where we walk you through interesting findings we’ve discovered in vulnerability assessments. AppSec Travels is an ongoing series without a regular cadence because, frankly, some assessments are perfunctory security checks lacking in exciting findings and we sort of […]

Redpoint Security, Inc. - 1421 E. Millbrook Way, Bountiful, UT 84010. Copyright © 2025