Tactics

Package managers

April 17, 2019
Over the past few weeks we’ve been talking a lot internally at Jemurai about how package managers and the code […]

Exploring CloudTrail

March 25, 2019
We had a customer ask us to dig for some indicators of compromise in their AWS account. We are already […]

Sharing Files with S3 Safely

March 15, 2019
It seems to me like back in the day, all the companies we worked with shared files with FTP. Remember […]

Managing Dependencies

February 20, 2019
A common question came up again this week working with a developer (and friend) at a partner that does custom […]

A Trello Template for AppSec Program Projects

January 30, 2019
Last week I wrote about application security programs What is a program and why do we need it? After writing […]

Implementing Authorization Properly

January 16, 2019
Almost every time we do a penetration test or code review, we find problems with authorization.  Sometimes we call these horizontal […]

Don’t rely on X-XSS-Protection to protect you from XSS

November 28, 2018
The X-XSS-Protection header only helps protect against certain reflected XSS attacks. It does nothing for stored XSS attacks. Don’t rely […]

Live Coding a Glue Task at AppSecUSA – Video

October 29, 2018
Here is the video from the Glue and live coding talk at AppSecUSA.

Live Coding a New Glue Task at AppSecUSA

October 18, 2018
At AppSecUSA, OWASP Glue, a project we contribute heavily to, was asked to present in the project showcase.  I put […]

How it Works: TOTP Based MFA

October 11, 2018
Multi-Factor Authentication has become a requirement for any application that values security. In fact, it has become a regulatory requirement […]

Popular Posts

Ready to get started?

Build a comprehensive security program using our proven model.
© 2012-2024 Jemurai. All rights reserved.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram