Development and Security

Jemurai is a security company with deep experience in both application development and security.

Fractional CISO

We help you build a security program.

JASP: Cloud Security Automation

Use our platform to continuously check the security of your systems.


We teach leaders and developers about security in fun, hands-on, and language-relevant training with online reinforcement.

Penetration Testing

We break apps to make them stronger.

Latest Jemurai Blog Posts

Implementing Authorization Properly

Introduction: Almost every time we do a penetration test or code review, we find problems with authorization. Sometimes we call these horizontal or vertical privilege escalation. Sometimes we call it instance-based restriction gaps or function-based restriction gaps. Ultimately, many applications fail to implement clear restrictions on who can do what. This post attempts to revisit these […]

Jan 16, 2019

JASP Check Deep Dive: Redshift

Introduction: Redshift is Amazon’s data warehousing solution. Here’s how they describe it at: Redshift delivers ten times faster performance than other data warehouses by using machine learning, massively parallel query execution, and columnar storage on high-performance disk. You can setup and deploy a new data warehouse in minutes, and run queries across petabytes of data […]

Nov 30, 2018

Don’t rely on X-XSS-Protection to protect you from XSS

Introduction: The X-XSS-Protection header only helps protect against certain reflected XSS attacks. It does nothing for stored XSS attacks. Don’t rely on it to protect your site from XSS! What it can do: Block reflected XSS attacks. Reflected XSS occurs when a malicious query parameter in a page’s URL is rendered unsanitized on the page. The […]

Nov 28, 2018