Dump - a Burp plugin to dump HTTP(S) requests/responses to a file system
PortSwigger’s BurpSuite is the de facto tool for web, API, and mobile application assessments. Over the course of many engagements, the utility of being able »
What we learned about cloud security running a SaaS in AWS for 5 years - Part 5 - EC2 Instance Security
This is Part 5 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer »
How to Prevent RNC, Verizon, and Dow Jones AWS S3 Data Leaks
By now, you’ve probably heard of the 2.1 million customers data leaked at the highly esteemed WSJ parent company Dow Jones. In fact, in »
SameSite - Defense in Depth for HTTP Cookies
Not a lot has changed in recent years with the security of HTTP cookies. As web application security testers, we have been performing a pretty standard »
What we learned about cloud security running a SaaS in AWS for 5 years - Part 4 - Network Security
This is Part 4 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and never lost a customer »
