On Becoming GIAC-GWEB Certified
Four years ago, I became GIAC-GWEB certified. I noticed that I never blogged about this experience. Today, I remedy that. Why GIAC-GWEB? When you decide that you want to pursue an application security certification (or any certification, for that matter), make sure that the certification provider is recognized...
Pushing your AppSec Knowledge Further
One question I get over and over is “how do I get started in security/application security?”. The truth is that, at the moment, there is no clear path for someone looking to start in this field. There is no college or university degree (yet, although you might have access to...
On Attempting OSCP
OSCP (Offensive Security Certified Professional) is one of the best-known certifications in penetration testing. It is also one of the most challenging, if not the most challenging. As it turns out, I gave it a try (spoiler alert, I did not succeed) and I am writing...
How To: Mitigate SQL Injection from Untrusted Table Name
Multiple techniques exist to mitigate SQL injection: use an allow list, parameterized queries, etc. OWASP has a complete prevention cheat sheet here. However, that cheat sheet mostly covers cases where the untrusted input is a value in a WHERE clause, which parameter binding handles. What would be the best approach if the untrusted input is the table...
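The point that the excerpt raises is that a bound parameter can only carry a value, never an identifier, so a table name that comes from untrusted input needs a different control. The following is an added example (not code from the original post): the untrusted input selects a key in a fixed allow-list map, the real table name is a constant, and the value that does belong in the WHERE clause is bound as a parameter. It uses Python's built-in sqlite3 module with an in-memory database; the table names, the `TABLE_FOR_KIND` map and the sample rows are all constructed for this example. A deliberately vulnerable version is kept beside it to show that binding the value alone does not help once the table name is concatenated into the SQL text.

```python
import sqlite3

# Allow list: untrusted input picks one of these keys; the table name itself
# is a constant that never comes from the user. (Names are constructed for
# this example, not taken from any real application.)
TABLE_FOR_KIND = {
    "customer": "users",
    "purchase": "orders",
}


def quote_identifier(name: str) -> str:
    """Double-quote an SQL identifier (SQLite/PostgreSQL style), doubling any
    embedded quote. Defence in depth only: the allow list is the real control,
    quoting alone would still let a caller name any table."""
    return '"' + name.replace('"', '""') + '"'


def count_rows(conn: sqlite3.Connection, kind: str, min_id: int) -> int:
    """Safe version: the table is resolved through the allow list and the
    value is passed as a bound parameter, so neither part of the untrusted
    input ever reaches the SQL text."""
    try:
        table = TABLE_FOR_KIND[kind]
    except KeyError:
        # Reject anything that is not an expected key; do not try to sanitize it.
        raise ValueError(f"unknown record kind: {kind!r}") from None
    sql = f"SELECT COUNT(*) FROM {quote_identifier(table)} WHERE id >= ?"
    return conn.execute(sql, (min_id,)).fetchone()[0]


def vulnerable_count_rows(conn: sqlite3.Connection, table: str, min_id: int) -> int:
    """Deliberately vulnerable 'before' version: the value is bound correctly,
    but the untrusted table name is pasted into the statement, so the caller
    can point the query at any table in the database."""
    sql = f"SELECT COUNT(*) FROM {table} WHERE id >= ?"
    return conn.execute(sql, (min_id,)).fetchone()[0]


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data: two tables the
    application is meant to expose and one it is not."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users   (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders  (id INTEGER PRIMARY KEY, total REAL);
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, api_key TEXT);
        INSERT INTO users   VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');
        INSERT INTO orders  VALUES (1, 9.99), (2, 19.99);
        INSERT INTO secrets VALUES (1, 'constructed-example-key');
    """)
    return conn


if __name__ == "__main__":
    conn = make_demo_db()
    print(count_rows(conn, "customer", 0))            # 3
    print(count_rows(conn, "purchase", 2))            # 1
    # The vulnerable version happily counts a table the app never meant to expose.
    print(vulnerable_count_rows(conn, "secrets", 0))  # 1
    # The safe version refuses the same input outright.
    try:
        count_rows(conn, "secrets", 0)
    except ValueError as exc:
        print("rejected:", exc)
```

The map is the important part: the caller's string is compared against known keys and then discarded, so there is nothing to escape. Quoting the identifier is only there to protect against a mistake in the map itself (a constant containing a reserved word or odd character), not against the user.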
Integrating Security in the SDLC – A Different Approach
As I specialize in application security, I am beginning to see the problems that lead to badly protected applications. One of those problems, if you ask me, is that for most organizations security is an afterthought. They do some penetration testing on the applications only from time...