When searching through the security headlines, many businesses and IT leaders realize the importance of keeping their systems safe. They know that training software developers is a key part of preventing the kinds of attacks and breaches that make the headlines. Customer data and company revenue…

You’re not likely to find a web application that doesn’t use a sophisticated front-end framework like Angular. One of the selling points of front-end frameworks like Angular has been their best effort to prevent Cross-site Scripting (XSS) by escaping characters that could be interpreted as code.…

PCI-compliant organizations have much to protect. The dangers of an attack on financial data are real and costly (especially if you serve large amounts of customers). Remaining PCI-compliant is a good first step to making sure your sensitive data is safe. One requirement of PCI is regular…

The software development life cycle (SDLC) is a common sight for those who work on software projects. Whether you’re a developer or a security engineer or even a project manager or QA tester, you know all of the pieces by heart.   You begin by creating requirements so you know what the…

Improper access control is a basic web application vulnerability that still leads to compromises. Small oversights or simply not thinking things through can lead to big problems, such as account takeover or sensitive data being stolen. Let’s take a look at what improper access control looks…

I’ll let you in on a little secret. Most hacks are boring. They aren’t the crazy, complicated “Ocean’s Eleven” style plan within a plan hacks you might see on TV or in the movies. To most people, actually hacking a website would be pretty boring. There are pieces of software you can grab off the…