by Bhaumik Shah | Feb 12, 2019 | InfoSec Strategies
In recent web application assessments, I’ve found a number of client applications that have cross-origin resource sharing (CORS) vulnerabilities—which I flagged as Critical because they left the application wide open to a range of potentially very damaging attacks.... by Leigh Ronczka | Apr 24, 2018 | ISMS Consulting
The self-audit is the most basic form of cyber security audit. While it is no substitute for the impartiality and expertise of a professional auditor, a self-audit can add considerable value, particularly if you’ve never done any form of audit before. Audits vs.... by Bhaumik Shah | Mar 22, 2018 | InfoSec Strategies, Penetration Testing
If your development teams have moved away from a waterfall approach to a more modern agile or DevOps methodology with frequent releases or continuous integration, how can you ensure and verify application security with just the “traditional” annual penetration...
