Blog

JASP Check Deep Dive: Redshift

Redshift is Amazon’s data warehousing solution.  Here’s how they describe it on its promo page:

Don't rely on X-XSS-Protection to protect you from XSS

The X-XSS-Protection header only helps protect against certain reflected XSS attacks. It does nothing for stored XSS attacks. Don’t rely on it to protect your site from XSS!

JASP Check Deep Dive: S3

It is very common to find Amazon S3 buckets misconfigured. We found one in a pen test this week.

JASP Meta: November 2018 Edition

Building JASP has been a really interesting experience for all of us at Jemurai.  This post captures some of what I think we’re seeing and learning right now.

JASP Check Deep Dive: ECR

As we build JASP, we’re brainstorming and learning about security (so far, primarily in AWS).  This is the first in a series of “Check Deep Dive” posts that talk about things we are checking for in JASP.  It seems like an interesting area to share information.  Incidentally, we’re also going to post more meta posts about the Jemurai and JASP journey.

JASP Dashboards

JASP is a platform for security automation.  We currently focus on monitoring AWS environments for potential security issues.

Live Coding a Glue Task at AppSecUSA – Video

Here is the video from the Glue and live coding talk at AppSecUSA.

Live Coding a New Glue Task at AppSecUSA

How it Works: TOTP Based MFA

Multi-Factor Authentication has become a requirement for any application that values security. In fact, it has become a regulatory requirement in some industries and is being adopted as a requirement in several others. We often discover misconceptions or downright misunderstandings about how MFA works and think this is a topic worth diving into. This particular article will focus on one of the most common second factors, Time based One Time Password, or TOTP.

Technology and Security: AI, Cloud, IoT

So … someone asked me the following question, so I figured I’d put my answer in a blog post.