Edit JWT Online (setting algorithm to none) Online editor for a JWT token to use the "none" algorithm. Edit the header and the payload, get the encoded output.
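As an added illustration of what such an editor does and why it matters (example code written for this listing, not the editor's own code), the block below builds an HS256-signed JWT, rewrites it to alg "none" with an edited payload and an empty signature, and then shows a verifier that trusts the header's alg field beside one that only accepts an explicit allowlist of algorithms. The key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample key and claims; not taken from any real system.
SAMPLE_KEY = b"sample-hs256-secret"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_json(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a legitimately signed token (what the server would hand out)."""
    h = encode_json({"alg": "HS256", "typ": "JWT"})
    p = encode_json(payload)
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def forge_alg_none(token: str, payload_changes: dict) -> str:
    """Mimic the online editor: set alg to none, edit the payload, drop the signature."""
    h, p, _sig = token.split(".")
    header = json.loads(b64url_decode(h))
    payload = json.loads(b64url_decode(p))
    header["alg"] = "none"
    payload.update(payload_changes)
    return f"{encode_json(header)}.{encode_json(payload)}."


def verify_trusting_header(token: str, key: bytes):
    """Vulnerable verifier: lets the token's own header decide whether a signature is needed."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":          # attacker-controlled choice
        return json.loads(b64url_decode(p))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(b64url(expected), s):
            return json.loads(b64url_decode(p))
    return None


def verify_strict(token: str, key: bytes, allowed_algs=("HS256",)):
    """Hardened verifier: the server, not the token, fixes the acceptable algorithms."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return None                           # unsigned tokens are never acceptable
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") not in allowed_algs:  # exact match; "none", "None", "NONE" all fail
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), s):
        return None
    return json.loads(b64url_decode(p))


def demo():
    genuine = sign_hs256({"sub": "alice", "admin": False}, SAMPLE_KEY)
    forged = forge_alg_none(genuine, {"admin": True})
    return {
        "naive_accepts_forgery": verify_trusting_header(forged, SAMPLE_KEY),
        "strict_rejects_forgery": verify_strict(forged, SAMPLE_KEY),
        "strict_accepts_genuine": verify_strict(genuine, SAMPLE_KEY),
    }
```

The point the editor makes concrete: anything the client can type into the header must not be allowed to choose the verification policy. Pin the algorithm server-side and treat an empty signature segment as a hard failure.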
The Beginners Guide To Security Response Headers Response headers are an important part of web security. There are lots of headers, some that apply just to requests, some just for responses and some that can appear in both. Some are only relevant to web pages, while others are also useful in
WebAPI The API Security Problem (Note: If you'd like more on the OWASP API Top 10 then take a look at my Pluralsight course on OWASP Top 10: API Security Playbook [https://pluralsight.pxf.io/o2z3o]) There are many things on the internet that don’t get the security
Pluralsight OWASP API Top 10: Broken User Authentication This is the second entry in the OWASP API top 10 (API2:2019) [https://owasp.org/www-project-api-security/]. In my development career, implementing authentication was always something I feared. It's an important part of an API and implementing something like OAuth 2.0 [https://oauth.
Pluralsight Compiling the LaZagne.exe from Source Problems creating the LaZagne exe file? Use this guide to help you!
Security CVSS for Dev Teams Penetration test results (hopefully) contain CVSS scores. Here are some thoughts on how a dev team should look at them.
Efficiency Choosing a Keyboard Deciding on the right keyboard as someone with an office job. Here are the key points about choosing a keyboard - I decided on a Durgod Taurus K310
ApiTop10 OWASP API Top 10: Broken Object Level Authorisation Understand how broken object level authorisation attacks work against an API, why they work and what the potential impact is.
Security Defending from Forced Browsing…good reasons not to just hide restricted content Secure coding to protect against forced browsing. Strong defences from forced browsing require controls such as Role Based Access. Here we explain how to mount a good defence!
Security Hooking a Browser with the Browser Exploitation Framework (BeEF) A quick guide to starting BeEF and running commands against a hooked browser
Security Proxmark 3, Cloning a Mifare Classic 1K Cloning a Mifare Classic 1k card using the Proxmark 3
Agile Why do we Perform Secure Code Reviews Why do we use secure code reviews, instead of just a generic code review?
Security When Should we Perform a Secure Code Review? Working in an agile environment we need to consider what we do and how important it is that we do it. We want efficiency, but not at the expense of quality. So when we think about secure code reviews we shouldn't assume they always
Agile Who can Perform a Secure Code Review? You need to pick the right person for a job. Here's how to find the right person for a secure code review.
Agile Agile Secure Code Review - References A list of references that have been useful when writing about Secure Code Reviews. I haven't found much yet! * FxCop [https://en.wikipedia.org/wiki/FxCop] * OWASP Code Review Guide [https://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents] * Pluralsight
Security API Throttling API request throttling limits the number of requests that can use your API. “Madness” you say, “intentionally stop requests from reaching my API?”
Security Defence Against SQL Injection How do you defend against SQL Injection? Have you only got one or two defences in place? Cover yourself from multiple angles and perhaps help your overall security stance too!
Security Adding Depth to Security with Input Validation Input validation is a simple yet powerful part of defence in depth. Discover how it helps improve the security of any service.
Security Defence in Depth Meets the Software Development Life-cycle Security in software development can get time consuming. Thinking about it in an Agile way can save time and may even be better...
Security Authentication vs Authorisation, know the difference Authentication vs Authorisation is one of the real basics of security; we've all got to start somewhere!
Security The Intricacies of IP Whitelisting What is an IP Whitelist? An IP whitelist restricts incoming traffic so that it may only arrive from an IP address or list of IP addresses. Traffic from any other address is ignored before any further processing. This is useful because you can immediately
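As an added example (written for this listing, not code from the post itself) of the check described above, the block below implements an allowlist of addresses and CIDR ranges and the one intricacy that most often breaks it: an application behind a proxy must not take the client address from an X-Forwarded-For header unless the connection actually came from a trusted proxy. The ranges and header values are constructed sample data; the function names are this example's own.

```python
import ipaddress


def parse_allowlist(entries):
    """Turn strings like '203.0.113.0/24' or '2001:db8::1' into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_allowed(ip: str, allowlist) -> bool:
    """True only if ip parses and falls inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False              # garbage never matches
    return any(addr in net for net in allowlist)


def client_ip(remote_addr: str, xff_header, trusted_proxies) -> str:
    """Work out the real client address.

    remote_addr is the peer address from the TCP socket. The X-Forwarded-For
    header is only consulted if that peer is one of our trusted proxies; then
    the chain is walked right to left, skipping further trusted proxies, and the
    first hop we did not add ourselves is the client. Anyone else's header is ignored.
    """
    if not xff_header or not is_allowed(remote_addr, trusted_proxies):
        return remote_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_allowed(hop, trusted_proxies):
            return hop
    return remote_addr            # every hop was one of our own proxies


def authorise_request(remote_addr: str, xff_header, trusted_proxies, allowlist) -> bool:
    """The decision an allowlist middleware makes before any further processing."""
    return is_allowed(client_ip(remote_addr, xff_header, trusted_proxies), allowlist)


# Constructed sample configuration (documentation ranges, not real deployments).
ALLOWLIST = parse_allowlist(["203.0.113.0/24", "2001:db8::/32"])
TRUSTED_PROXIES = parse_allowlist(["10.0.0.0/8"])
```

With these values a direct connection from 203.0.113.7 is allowed, a connection from 198.51.100.1 that merely claims `X-Forwarded-For: 203.0.113.7` is refused because 198.51.100.1 is not a trusted proxy, and a request arriving via the proxy 10.0.0.5 with `X-Forwarded-For: 203.0.113.7, 10.0.0.9` resolves to 203.0.113.7 and is allowed.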
Security The Security of Champions This is the fourth blog (first one here [https://www.gavinjl.me/is-your-business-unwilling-to-add-security-features-to-software/], second one here [https://www.gavinjl.me/application-security-design-it-in-or-wedge-it-in-at-the-end/], third one here [https://www.gavinjl.me/security-degrades-over-time/]) from a meeting of the North-East England chapter of (ISC)2 [https://www.isc2.org/
Security Security degrades over time This is the third blog (first one here [https://www.gavinjl.me/is-your-business-unwilling-to-add-security-features-to-software/] , second one here [https://www.gavinjl.me/application-security-design-it-in-or-wedge-it-in-at-the-end/]) from a meeting of the North-East England chapter of (ISC)2 [https://www.isc2.org/], where security experts from the region used the
Security Application security, design it in, or wedge it in at the end? ...security is rarely considered part of a minimum viable product.