Published on October 4, 2017 by Jack Mannino
Play 2.6 final was recently released and it includes a ton of awesome new features. Some of the most exciting features include: replacing Netty with Akka HTTP Server as the default backend as well as shipping with experimental HTTP/2 support (finally!). From a security perspective, Play 2.6 introduces new features and settings you want to take advantage of.
Published on September 27, 2017 by Ryan Reid
In this post, I'll discuss my recent adventure regarding my first InfoSec con presentation. Hopefully, you'll find the tips littered throughout this blog helpful as you prepare to present for your first time.
Published on August 10, 2017 by Jonn Callahan
Published on August 8, 2017 by Rich Grimes
While in the process of migrating our ASP.NET on-demand training course to ASP.NET Core, I noticed ASP.NET Core 1.0 did not include a similar feature to ASP.NET’s Request Validation.
Given that ASP.NET Core has some significant changes from ASP.NET, it doesn’t surprise me to find a feature missing. As ASP.NET Core is supposed to be the leaner cross-platform version, namespaces, classes, and features are going to change. However, what concerns me is that, on a routine basis, we perform security assessments on ASP.NET applications where the only protection against Cross-Site Scripting (XSS) is the Request Validation feature.
So, this got me thinking. Will developers know Request Validation is missing? How many ASP.NET projects will be migrated with the assumption that Request Validation is present? Why hasn’t Microsoft made this change more obvious? How do we get the word out?
Published on August 3, 2017 by Amy McElroy and Clea Ostendorf
This year marks my third working in Business Development at nVisium, and until now, I'd strategically avoided the infamous Black Hat and DEF CON industry conferences. Like many first-time DEF CON attendees, I really had no idea what to expect.
Published on July 18, 2017 by Stefan Edwards
I was in a car accident last year, and was talking with our CEO Jack after the fact. He asked if the air bags had deployed, and I said they hadn't (in fact, if they had, I probably wouldn't have been injured). Jack responded with:
That's the thing with air bags, you assume they work and they'll save your life until they don't.
Now, being the jerk that I am, I responded:
Basically like all security controls?