In my previous post, I wrote about a simple process for triaging vulnerabilities across applications. Once you have the issues prioritized, the vulnerability remediation process is pretty straightforward. You don’t have a lot of options; either remediate the issue, ignore it, or apply other measures (compensating controls) to mitigate the risk posed by the vulnerability.
Posted in Developer Enablement, Open Source Security
Welcome to the first part in our AngularJS Security Series. Here, we’ll discuss the various solutions to write more secure applications. Our goal is simple: to help developers better understand Angular and embrace the practice of writing more secure code. – Stephen Teilhet, Lewis Ardern, & David Johansson The AngularJS Module is the basic building block of […]
Posted in Developer Enablement
AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. While Angular adds much-needed features to the language, it also creates a handful of new problems for developers. Due to this, I’ve teamed up with Lewis Ardern to pose a simple question with a not-so-simple answer: Google built AngularJS […]
Posted in Developer Enablement
In 2014, an exploit was discovered in Firefox for Android that allowed malicious applications access to sensitive user data. The cause? An unfortunately predictable PRNG called Math.random().
Posted in Developer Enablement, Web Application Security
Java SecureRandom updates as of April 2016: There have been several changes to Java’s SecureRandom API since creating this post back in 2009. According to Oracle, the following interesting changes have been made: For UNIX-like platforms, two new implementations have been introduced that provide blocking and non-blocking behavior: NativePRNGBlocking and NativePRNGNonBlocking. The getInstanceStrong() method was introduced […]
Posted in Developer Enablement, General
What’s the difference between OAuth 1.0 and OAuth 2.0? And which version of OAuth is right for you? Hint: It’s not necessarily the latest one.
Posted in Developer Enablement, Web Application Security