User Enumeration in a Production Environment – Credential Stuffing 101

Ah yes, credential stuffing! Almost as common as Thanksgiving stuffing, yet as distasteful as Black Friday shopping. Credential stuffing is especially effective when it’s coupled with user enumeration. The likelihood of user enumeration attacks occurring on typical web applications is high, and the impact is often hard to define, making this a moderate risk severity

Shifting Security Left: A Practical Guide

Application security practitioners often preach about the importance of shifting security left in the software development life cycle (SDLC). The reason this catch-phrase so easily resonates with leadership is simple: if it’s possible to identify and remediate security vulnerabilities earlier in an application’s development process, it’s easier and cheaper to address them. The logic checks out. Consider

Is your penetration testing vendor just trying to sell you products and services?

Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for my client base, our leadership assumed that I would be thrilled by them including a keynote speaker who “specialized” in