As we build JASP, we’re brainstorming and learning about security (so far, primarily in AWS).  This is the first in a series of “Check Deep Dive” posts that talk about things we are checking for in JASP.  It seems like an interesting area to share information.  Incidentally, we’re also going to post more meta posts about the Jemurai and JASP journey.

JASP is a platform for security automation.  We currently focus on monitoring AWS environments for potential security issues.

Here is the video from the Glue and live coding talk at AppSecUSA.

Multi-Factor Authentication has become a requirement for any application that values security. In fact, it has become a regulatory requirement in some industries and is being adopted as a requirement in several others. We often discover misconceptions or downright misunderstandings about how MFA works and think this is a topic worth diving into. This particular article will focus on one of the most common second factors, Time based One Time Password, or TOTP.

So … someone asked me the following question, so I figured I’d put my answer in a blog post.

Not all bots are created equal. Some bots are good, some bots are bad, and some bots are not what they appear to be. This article will discuss an aspect of bots that attempt to exploit the sensitive nature of SEO optimization rules.

Our team was recently working on a test where we noticed that the application, which was a Single Page App (SPA) in front of a RESTful API, was using session cookies but did not have Cross Site Request Forgery (CSRF) tokens.  When we discussed the issue with the development team, they indicated that in all their many years of experience writing API’s and fancy front ends, they had never used CSRF tokens with RESTful APIs.