In Redpoint Security’s existence as an application security firm, we have seen a range of clientele who manifest a whole host of differences: development teams and applications that range remarkably small and large, different levels of security maturity, compliance requirements that are relatively lax as opposed to highly demanding with a rapidly rushing SLA (Service-Level…
What happens when combined technologies counteract security controls? This is another in Redpoint’s blog series AppSec Travels where we walk you through interesting findings we’ve discovered in vulnerability assessments. AppSec Travels is on ongoing series without a regular cadence because frankly some assessments are perfunctory security checks lacking in exciting findings and we sort of…
Token Caching This is our first blog of AppSec Travels where we walk you through interesting findings we’ve discovered in vulnerability assessments. This will be on ongoing series without a regular cadence because frankly some assessments are perfunctory security checks lacking in exciting findings and we sort of doubt anyone wants to read findings write-ups…
What we learned from adapting our Application Security 101 course Background: The OWASP Top Ten – An Awareness Document The OWASP Top Ten is a widely-used guide developed by the fine folks at the Open Web Application Security Project that provides a list of the common and critical vulnerabilities in web applications. First published in…
Application Security in 2024: A Look at Redpoint’s Service Offerings In today’s rapidly changing landscape of information security, protecting your applications is crucial. The statistics speak for themselves: data breaches can incur significant costs, with an average cost of $4 million per breach, according to IBM. It’s clear that the threat of exploitation is widely…
Why code security by coders? The secret to comprehensive security is knowing how an attacker thinks and how a developer creates. The important thing to remember for finding and helping remedy security flaws, is that it requires assessments where our testers/researchers can toggle between two frames of mind. First, We look at your application like…
“Addressing Ransomware in Organizations and Application Security” [For an attacker], where there’s an absence from technical protection, there’s always the presence of human error. -KEN JOHNSON Ransomware is everywhere! The international news regarding the May 2021 ransomware attack on Colonial Pipeline and the subsequent service shutoff affecting consumers throughout the U.S. southeast put launched ransomware…
Could Browser Sanitization APIs mean a new era of client-side security? In April 2021, Google and Firefox both announced that a sanitization api would be integrated within their browsers. Ken Johnson (cktricky) and Seth Law (sethlaw) discussed these new developments on the Absolute Appsec podcast with a good deal more sanguinity than regular podcast listeners…
Code security by coders. Manual-led application security assessments, secure-code review, and developer-friendly tooling.