Multi-Cloud Design: The Priority Focus Should be on Application Security, Part 2

This is part 2 of a two-part series that discusses the risks to application security in the new multi-cloud environments. This part introduces the requirements for multi-cloud, the types of multi-clouds and the risks they pose to application security. Requirements for multi-cloud: So why is there a need for true multi-cloud capacity? The upsurge […]


What is the cost of a data breach?

If your company isn’t taking important steps to protect against a potential data breach, it might be time to worry: attacks on businesses and organizations are increasing, and so are their costs. According to a new study by the Ponemon Institute, the average cost of a “regular” breach ranges from $2.2 million to $6.9 […]


A Security-focused Introduction to HTTP, Part 2

This is the second part of a two-part series on HTTP basics. In this second part, we cover several attributes of the HTTP protocol, such as encoding, HTTP headers and authentication, in more detail. Query strings: The query string is defined using the question mark (?) character after the URL within an HTTP request. […]


Deserialization Vulnerabilities: Attacking Deserialization in JS

At the ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show the results of my own research and a new approach of attacking […]
