Skip to main content

Isaac Dawson

Isaac Dawson is a Senior Security Research at Veracode, where he researches attacks and methods for creating a next generation application security scanner. This cutting edge research has led to advancements in Veracode’s automated web scanner’s ability to identify and exploit security issues. He has developed numerous internal systems containing thousands of variations of web vulnerabilities for use in ensuring the greatest amount of scanner coverage.

Posts by Isaac Dawson
  • AngularJS Expression Security Internals

    Introduction: As part of my research duties I tasked myself with becoming more familiar with the newer MVC frameworks, the most interesting one was AngularJS. I wanted to share with everyone my process for analyzing the expression functionality built in to AngularJS as I feel it's a pretty interesting and unique code base. AngularJS exposes an expression language that exposes a limited set of… READ MORE

Stay up to date on Application Security

  • Guidelines for Setting Security Headers

    As part of our Alexa Top 1 Million Security Headers post series, it is not uncommon to have to go back and re-read specifications to determine which header values are valid. While there are numerous sites that detail the various headers and what they do, there isn't a central place that gives developers the information necessary to identify common mis-configurations and methods of testing if the… READ MORE

  • Golang's Context Aware HTML Templates

    Golang is a new open source programming language that is growing in popularity. Since I am getting bored of Python, I decided to begin studying it. While I'm really enjoying it as a language, I was completely caught off guard when I started reading about Golang's built in HTML templating package. I noticed in their documentation they are doing context based encoding. Not only that, it is all done… READ MORE

  • Broken Logic: Avoiding the Test Site Fallacy

    Web security scanners are one tool in the arsenal of any organization that takes security seriously. The ability of automation to rapidly test and verify that an application meets a reasonable standard of security is a key advantage. While manual testing can never be completely removed from the process, automated tools are critical in reducing the amount of time spent on repetitive tasks. In some… READ MORE

  • How Code Rot Can Lead to Vulnerabilities

    As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular; Code Rot. Code rot is basically where code becomes ignored, neglected or the environment in… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.