New Can I Trust Test Case: Browser returns secret out of pre-cached response in a CORS-Request
A new Can I Trust Test Case ist available.
This time the topic is the following:
If a browser does not retrieve a Cache-Control-Header after an authenticated request against an API, which subsequently serves a secret content, does the browser serves the cached secret content if a foreign website queries the same API again without authenticating again? Does this work even Cross-Domain?
You will find the answer under:
What is CanITrust.in?
Browsers nowadays have a lot of built-in security features to help make the web more safe by default. Although this is a great thing, unfortunately, different browsers implement these features slightly different than other browsers. And sometimes, the implementations also differ from browser version to browser version.
This is where CanITrust.in comes to the rescue. Inspired by the great caniuse.com, we built an environment to test all those different security features. This web site makes the results available.
mgm sp @ Heise DevSec
With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec.
Pentest FAQ – #7 and #8 – What is a penetration test? And what is it not?
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today: : Questions #7 and #8 – What is a penetration test? And what is it not?
The Big Application Security Penetration Testing FAQ for Clients
Have you ever wondered what a pentest is exactly or how such a test works? Our Big Application Security Penetration Test FAQ for clients answers these questions and much more.
Tool Tuesday – nmap
One tool which should be installed on every pentester PC is nmap. This command line tool is the Swiss army knive for penetration tests on network level, but also used regularly by system administrators.
mgm sp @ Munich
Our head office is located in the heart of Bavaria, since the time of SecureNet. Come have a look!