web application testing - Tacos and Security

Tacos and Security

Sign in Subscribe

web application testing

A collection of 6 posts

web application testing

What I'm reading this week

I've been working more and more on finding my "thing." InfoSec is hard like that. There is so much to dive into that everything seems interesting at all times, and at different times. For instance, digging into coding seems fun one week, then learning about web

What'd I do this week? Learned about JWTs. That's what.

This week I spent some time learning about JSON Web Tokens (JWTs). I had read about them in the past, but never really taken the time to dive in and really learn about them. Check it, RFC7519 [https://datatracker.ietf.org/doc/html/rfc7519] covers JWTs. Let's take

It's been a while

It's been a while since my last post. I've been working as an application pentester for a new company. It's been great, but the imposter syndrome is getting the best of me. What have I been up to? I've been focusing a

Learning Things: CSRF - Cross-Site Request Forgery

I've heard the term multiple times, but I actually had no real idea what it was. Cross-Site Request Forgery, or CSRF (also somtimes pronounced as Sea-Surf). Well, I had the textbook definition that goes something like this [https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_

Let's Learn: OWASP Top 10 - Security Misconfiguration

I've known of the OWASP Top 10 for a while, but I can't say I've ever become deeply knowledgeable of the inner-workings of each. I've always understood them on a surface level that's maybe deep enough to pass your Sec+

Free resources for learning web app testing

Web app testing is a cool space. There's a lot of new, interesting territory for someone like me who has been learning network pentesting. Both are a lot of fun, but web applications have so many interesting things going on that I've found I kind of