· Alex Nikolova
A web browser's same-origin policy plays a major role in preventing Cross-Site Request Forgery attacks. The standard is clear on what the acceptable behaviour is, but do all browsers follow it?
· Yuriy Ackermann
U2F is an open, driverless, digital signature challenge-response protocol for secure two-factor authentication. It’s designed to improve user security through ease of use.
· Nilesh Kapoor
In this blog post Nilesh shares his experience performing a SCADA assessment, what pentest approach works best for highly sensitive systems, and preferred tools of the trade.
· Chris Berry
An overview of how to begin searching for vulnerabilities within software by fuzzing the binary with AFL.
· Tim Goddard
Unfortunately, many SAML consumers don’t validate responses properly, allowing attacks up to and including full authentication bypass.
· Claudio Contin
The following post aims to provide a high-level overview of an iOS application security review methodology and an introduction to some publicly available tools for performing the analysis.