9 posts tagged with "application-security"

Exploring third-party services with webhooks

· 8 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Today, I want to show how the Webhooks feature of Secutils.dev can be used to explore third-party services from the outside, what a security researcher would call basic active reconnaissance. Reconnaissance is just a fancy word for gathering information about a target system to understand exploitable vulnerabilities and attack vectors. In this post our intent is innocent: we want to learn how a particular service implements a feature we like. The technique, however, is the same one a researcher would use.

Q2 2023 update - Web resources tracker

· 5 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

As the end of the "Q2 2023 - Apr-Jun" milestone (that's how I structure my roadmap) is quickly approaching, I wanted to give a quick update on the progress so far. One of the significant deliverables for this milestone is a functional web resources tracker utility. The utility should give developers the ability to track resources of any web page. You may be wondering why they would want to do that and how it relates to security. Let me explain using two personas: the developer and the security researcher.

Security configuration management for software engineers

· 7 min read
Aleh Zasypkin
Creator of Secutils.dev

In my previous posts I've consistently pushed back on waste, whether it's time, money, or process overhead. Today I want to apply that same lens to security configuration management and argue that the engineering teams who build and run a product are the right people to own a big chunk of it. I'll use Content Security Policy (CSP) as the concrete example and show how Secutils.dev supports the full lifecycle: create, deploy, and monitor.