Unveiling the Myths of Multi-Factor Authentication
MFA refresher
Multi-Factor Authentication (MFA) is a security practice that requires users to provide two or more distinct authentication factors
Forget DevSecOps and ShiftLeft
🪄Integrating Security Seamlessly
In this article, we're about to spill the beans on why this approach rocks, answer some burning
The Imperative of Persistent CSRF Tokens (Video)
A brief on Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) attacks, capable of duping a user into performing an unintended
JWT: A Cryptographic Love Story with Security, Vulnerabilities, and a State of Confusion
Folks, remember to be careful with your JWTs. Use strong cryptographic algorithms, manage those secret keys like they're your firstborn
JWT Patterns that provide real security benefits
Throughout this post we will keep a YUK WORD tally of things that are not security characteristics of JWT, that
Really giving a jot about JWTs
Instacart Sr Security Engineer David Gillman (or Gilman? Either OWASP or LASCON got it wrong) presented a talk in 2021
5 Myths of Software Composition Analysis (SCA)
Recently someone asked me to help them with an SCA tool (you know the name, I
snicker a bit when
Guide to Application Security tools
First, what makes a good, or great, AppSec tool?
The best tools
A best tool for AppSec is implemented;
* in
How to start an AppSec Program
I get asked all too often:
What to do for AppSec?
Many organizations with mature AppSec programs recommend implementing a
No Bullsh*t guide to Application Security
Security is a process, not a destination. This applies to Application Security also.
Let's quickly address common AppSec mistakes;
* AppSec