Vickie Li

Dangerous Regular Expressions

In previous posts, we’ve discussed what regex is along with ReDoS, a regex-specific vulnerability. Now it’s time for us to dig deeper into regex security.

Varrun Ramani

Automating Vulnerable Dependency Checking in CI Using Open Source

Learn how to conduct automatic security scans on your application's dependencies using continuous integration and open-source software.

Brian Demers

Security Audits: Do you need them?

An overview of a recent security audit on an OSS project.

Marc Rogers

Palo Alto Networks SAML Vulnerability

Today, Palo Alto Networks announced a critical security vulnerability affecting SAML certificate management across a range of their devices. While this vulnerability is isolated to Palo Alto Networks Firewalls, it impacts customers using these devices with independent identity providers (IDPs) that rely on the SAML protocol and who are using self-signed certificates, including customers of Okta. Complete details can be found in Palo Alto Networks’ security advisory, here:...

Indranil Jha

Adaptive, Step-Up Multi-Factor Authentication

Plain-old authentication is boring. Today I'm going to show you how you can enhance your application's security by providing smart multi-factor authentication (MFA), the kind that takes contextual and behavior-based factors into account.

Vickie Li

Intro to Log Analysis: Harnessing Command Line Tools to Analyze Linux Logs

Log analysis is one of the most important tools of a security researcher. In this article, we'll take a quick look at how you can analyze Linux logs using common command-line tools.

Tom Kellermann

The Escalation of Cybercrime

A look at how cybercriminals are attacking the financial sector during the COVID-19 pandemic.

Vickie Li

Common Pitfalls Of Custom SAML Implementations

SAML is a widely-used protocol for single sign-on, but it can be dangerous. In this article, we'll talk about why.

Sami Laine

What’s The Best Security Key to Buy?

There are dozens of security keys, authenticator apps, and password managers available. Which one should you use?

Sami Laine

SMS Two-Factor Authentication – Worse Than Just a Good Password?

If a website offers SMS-based authentication, should you enroll? Maybe not! In some cases, it’s worse than not having a second factor at all!