Category Archives: Blog

Risk – Medieval approaches to AppSec

December 22, 2017 / by

Vulnerability management involves a little more than finding security issues in code and/or hosting systems……I find that much of the industry does not understand that vulnerability management, penetration testing, threat detection, endpoint detection, malware prevention and even anti-virus services and tools are about managing risk. Managing risk is about reducing it to a suitable level […]

Read more

AngularJS and forms security & design

July 24, 2015 / by

Overview Rich internet applications make use of the powerful features that new web browsers come equipped with. The web has come a long way since the dull, stateless server content generated HTML pages of the 90’s. Today it is possible to interact with almost any webpage, thus opening a miryad of possibilities to the user […]

Read more

Rails SQL injection gotchas

December 30, 2014 / by

In this post we’re gonna look at some places where it is possible to inject arbitrary SQL commands into active record queries in Ruby on Rails. ActiveRecord has pretty good protection against SQL injection, so much so that sometimes I think it lulls us into a false sense of security. We’re pretty well protected by […]

Read more