web application testing - Tacos and Security

Tacos and Security

Sign in Subscribe

web application testing

A collection of 6 posts

web application testing

What I'm reading this week

I've been working more and more on finding my "thing." InfoSec is hard like that. There is so much to dive into that everything seems interesting at all times, and at different times. For instance, digging into coding seems fun one week, then learning about web applications is fun another

What'd I do this week? Learned about JWTs. That's what.

This week I spent some time learning about JSON Web Tokens (JWTs). I had read about them in the past, but never really taken the time to dive in and really learn about them. Check it, RFC7519 [https://datatracker.ietf.org/doc/html/rfc7519] covers JWTs. Let's take a quick

It's been a while

It's been a while since my last post. I've been working as an application pentester for a new company. It's been great, but the imposter syndrome is getting the best of me. What have I been up to? I've been focusing a lot on learning some new skills. Trying to

Learning Things: CSRF - Cross-Site Request Forgery

I've heard the term multiple times, but I actually had no real idea what it was. Cross-Site Request Forgery, or CSRF (also somtimes pronounced as Sea-Surf). Well, I had the textbook definition that goes something like this [https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_

Let's Learn: OWASP Top 10 - Security Misconfiguration

I've known of the OWASP Top 10 for a while, but I can't say I've ever become deeply knowledgeable of the inner-workings of each. I've always understood them on a surface level that's maybe deep enough to pass your Sec+ or some other multiple-choice exam (not a knock on multiple

Free resources for learning web app testing

Web app testing is a cool space. There's a lot of new, interesting territory for someone like me who has been learning network pentesting. Both are a lot of fun, but web applications have so many interesting things going on that I've found I kind of dig it. That said,