• Skip to main content

Redpoint Security

Helping security professionals and developers navigate the infosec world.

  • SERVICES
    • Assessment Services
      • Application Security Assessment
      • Secure-Code Review
      • Hybrid Application Security Assessment
      • Mobile Application Security Assessment
      • Web3 Assessments / Smart Contracts
    • Training
    • SDLC Consulting
    • Process Assessments
  • PRODUCTS
    • Surveyor™ – For Web Application Security
  • Industries
    • Finance
    • Software Development
    • Healthcare
    • Insurance
    • Web3
    • Ecommerce
  • RESOURCES
    • Blog
    • Absolute AppSec podcast
    • Open-Source Projects
  • About Us
    • Redpoint’s Story
    • About our team
    • Contact Page

Appsec

How AI and LLMs Will Shape AppSec in 2025

January 17, 2025 by redpointsec

Four Predictions for AppSec in 2025 By Ken Johnson and Seth Law In this joint blog from Seth Law at Redpoint and Ken Johnson at DryRun Security, we highlight how 2025 will be a pivotal year for large language models (LLMs) in AppSec. Building on the momentum of 2024, LLMs are moving from novelty to […]

Filed Under: AI in AppSec, Appsec, Code Security, Podcast, Services Tagged With: Absolute Appsec, AI in AppSec, LLMs in AppSec

The experience of a beginner in the field of Appsec.

August 9, 2024 by Trevon Greenwood

Trevon Greenwood portrait

My name is Trevon Greenwood, and I am a Junior Security Analyst at Redpoint Security. This post outlines my experience as a beginner in the field and what a day at work looks like for me. I have been with Redpoint for just over a year now, so I think I’ve accrued enough experience as […]

Filed Under: Appsec, AppSec Career Path, Journal, Redpoint Assessment Process, Services, Training Tagged With: AppSec Career Path, Redpoint Security team

AppSec Travels 3: Account Takeover 

July 16, 2024 by Justin Larson

During a recent assessment, our team came upon a vulnerability that felt like finding a hidden door in a seemingly secure fortress. The discovery involved the password-reset mechanism of an application, allowing us to reset any user’s password with just their email address. This flaw circumvents authentication, giving unauthorized access to user accounts. Here’s how […]

Filed Under: Appsec, AppSec Travels, Code Security, Findings Writeup Tagged With: account takeover, authentication tokens

Polyfill io and Surveyor’s Continuous Dependency Monitor

July 5, 2024 by redpointsec

In the aftermath of the polyfill supply-chain attack that reportedly compromised the security of some 100,000 applications across the Internet last week (arstechnica reports that over 384K sites are still pulling the package subsequently), our team at Redpoint realized quickly that it was a real-world case of feature within Redpoint’s Surveyor tool. That is, lead […]

Filed Under: Appsec, Client-Side Code, Code Security, Surveyor™ Tagged With: Browsers, client-side code, Surveyor™

A Redpoint Customer Security Journey

March 8, 2024 by Aaron Law

In Redpoint Security’s existence as an application security firm, we have seen a range of clientele who manifest a whole host of differences: development teams and applications that range remarkably small and large, different levels of security maturity, compliance requirements that are relatively lax as opposed to highly demanding with a rapidly rushing SLA (Service-Level […]

Filed Under: Appsec, Code Security, Redpoint Assessment Process, Services

AppSec Travels Part 2: Access-Control Bypass

March 8, 2024 by redpointsec

What happens when combined technologies counteract security controls? This is another in Redpoint’s blog series AppSec Travels where we walk you through interesting findings we’ve discovered in vulnerability assessments. AppSec Travels is on ongoing series without a regular cadence because frankly some assessments are perfunctory security checks lacking in exciting findings and we sort of […]

Filed Under: Appsec, AppSec Travels, Findings Writeup, Services

AppSec Travels Part I: Function Overload

March 8, 2024 by redpointsec

Token Caching This is our first blog of AppSec Travels where we walk you through interesting findings we’ve discovered in vulnerability assessments. This will be on ongoing series without a regular cadence because frankly some assessments are perfunctory security checks lacking in exciting findings and we sort of doubt anyone wants to read findings write-ups […]

Filed Under: Appsec, AppSec Travels, Code Security, Findings Writeup

Training Devs for a new OWASP Top Ten

March 8, 2024 by Aaron Law

What we learned from adapting our Application Security 101 course Background: The OWASP Top Ten – An Awareness Document The OWASP Top Ten is a widely-used guide developed by the fine folks at the Open Web Application Security Project that provides a list of the common and critical vulnerabilities in web applications. First published in […]

Filed Under: Appsec, OWASP, Services, Training

  • Page 1
  • Page 2
  • Go to Next Page »

Copyright © 2025