web application testing - Tacos and Security

What'd I do this week? Learned about JWTs. That's what.

This week I spent some time learning about JSON Web Tokens (JWTs). I had read about them in the past, but never really taken the time to dive in and really learn about them. Check it, RFC7519 covers JWTs. Let's take a quick look

pentesting

It's been a while

It's been a while since my last post. I've been working as an application pentester for a new company. It's been great, but the imposter syndrome is getting the best of me. What have I been up to?I've been focusing a lot on

OWASP

Learning Things: CSRF - Cross-Site Request Forgery

I've heard the term multiple times, but I actually had no real idea what it was. Cross-Site Request Forgery, or CSRF (also somtimes pronounced as Sea-Surf). Well, I had the textbook definition that goes something like this: "it's a type of web attack that

OWASP

Let's Learn: OWASP Top 10 - Security Misconfiguration

I've known of the OWASP Top 10 for a while, but I can't say I've ever become deeply knowledgeable of the inner-workings of each. I've always understood them on a surface level that's maybe deep enough to pass your Sec+ or some other multiple-choice

web apps

Free resources for learning web app testing

Web app testing is a cool space. There's a lot of new, interesting territory for someone like me who has been learning network pentesting. Both are a lot of fun, but web applications have so many interesting things going on that I've found I

Subscribe to Tacos and Security