Stratum Security Blog (Page 2)

Sign in Subscribe

SameSite - Defense in Depth for HTTP Cookies

Not a lot has changed in recent years with the security of HTTP cookies. As web application security testers, we have been performing a pretty standard set of tests in this area, including a check for two well-known cookie flags, HttpOnly and Secure. Recently, at Stratum Security we started adding

What we learned about cloud security running a SaaS in AWS for 5 years - Part 4 - Network Security

This is Part 4 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer (that we know of) due to any cloud security concerns. In a traditional data center, network security plays a huge role in how you

What we learned about cloud security running a SaaS in AWS for 5 years - Part 3 - Identity and Access Management

This is Part 3 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer (that we know of) due to any cloud security concerns. When we set up shop in AWS we ran through different risk models to

What we learned about cloud security running a SaaS in AWS for 5 years - Part 2 - AWS Account Security

This is Part 2 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer (that we know of) due to any cloud security concerns. In a traditional data center there are controls to prevent someone from turning off

Journey into WebSockets Authentication/Authorization

Journey into WebSockets Authentication/Authorization

One subject that is often mentioned in talks about WebSockets security, is how WebSockets does not implement authentication/authorization in the protocol. This might not be as familiar because when the original research was done, there were not many applications using WebSockets. I wanted to demonstrate what this pattern looks

Webinar wrap up: “Safeguarding your network from Data Exfiltration attacks”

exfiltration Featured

Webinar wrap up: “Safeguarding your network from Data Exfiltration attacks”

Read a recent news article about a data breach and it will likely mention data exfiltration. It’s usually the last event of a string of seemingly preventable mishaps that result in a lot of people getting free credit reporting (or, as of late, uncomfortable conversations with your spouse). The