At Security Innovation, our tech-enabled services leverage dozens of internally developed scanners, parsers, scripts and other tools to make our software security testing more efficient. However, authorization testing...

Hackers continue to use new techniques to wreak havoc on software applications and get access to sensitive data. The most effective way to reduce broad-scale application security risk is to conduct threat modeling...

As part of Security Innovation's internship program, I spent a month conducting extensive research on Android malware; in particular, the automated analysis of malware for the purpose of uncovering insights that can help...

In this five part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, and oracles. Today...

The year 2016 has been a consistent reminder that hackers are still hard at work looking to take down top organizations around the world. During this year, we’ve focused on educating our readers about these attacks and...

In this five part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices and bad implementation. Today we'll be...

While I realize that the reason DREAD has withstood the test of time is due to its simplicity and clarity, I think that accuracy and a clear "you need to do something now" is essential.

DREAD has withstood the test of time due to its simplicity and clarity. If you make things too heavyweight, people are less likely to use it. Also, when classification systems are too granular, more time is spent...

What's the single most impactful step you can take to improve the security of your applications and your application development process?

Issues with SSL and TLS are seemingly commonplace these days. In my previous post, I discussed many of the vulnerabilities that I've come across in the last few years conducting software security assessments for our...