BCC Risk Advisory Blog

Our traditional approach to penetration testing, even large-scale global penetration testing, is to perform an annual/bi-annual pen test on our web applications.

It's been a while since I posted. I've been bogged down with code reviews and training, but even when you deliver training you learn something new. This is particularly true when training developers keen to learn secure development. The conversations during the course tend to be more about building than breaking...

Cross Site Scripting is still a very common web vulnerability. Generally it is used to attack clients/users. It can be used for malware upload, botnet hooking, keylogging, a payload delivery system for clickjacking and CSRF attacks and much much more, all for 6 easy payments of $9.99... sorry, got carried away there :)

A major issue with enterprises is "are we secure?" (what does that even mean...). If you are asked by the CEO whilst sharing a lift to the 10th floor, what do you answer??? eh..em yes..er no...well, sort-of...

This document reflects my personal opinion on the state of application security. It calls out what I see as the weaknesses of our approach as a community to addressing the issue of web [in]security. Web [in]security is a healthy and growing industry, and rather than verifying the issues we constantly find, we are exposed to new threats without ever addressing the current ones en masse...