Development and Security

Jemurai is a security company with deep experience in both application development and security.

Fractional CISO

We help you build a security program.

JASP: Cloud Security Automation

Use our platform to continuously check the security of your systems.

Training

We teach leaders and developers about security in fun, hands-on, language-relevant training with online reinforcement.

Penetration Testing

We break apps to make them stronger.

Latest Jemurai Blog Posts

JASP Check Deep Dive: Redshift

Introduction: Redshift is Amazon’s data warehousing solution. Here’s how they describe it at https://aws.amazon.com/redshift/: Redshift delivers ten times faster performance than other data warehouses by using machine learning, massively parallel query execution, and columnar storage on high-performance disk. You can setup and deploy a new data warehouse in minutes, and run queries across petabytes of data […]

Nov 30, 2018

Don’t rely on X-XSS-Protection to protect you from XSS

Introduction: The X-XSS-Protection header only helps protect against certain reflected XSS attacks. It does nothing for stored XSS attacks. Don’t rely on it to protect your site from XSS! What it can do: block reflected XSS attacks. Reflected XSS occurs when a malicious query parameter in a page’s URL is rendered unsanitized on the page. The […]

Nov 28, 2018

JASP Check Deep Dive: S3

It is very common to find Amazon S3 buckets misconfigured. We found one in a pen test this week. We find them frequently. The most common things we see with S3 buckets are that people leave them open to the world and don’t encrypt them. The one we found this week also let us delete […]

Nov 8, 2018