201-632-3422 info@carvesystems.com
Manipulating APIs for Security Test Automation

Manipulating APIs for Security Test Automation

We perform application-level security assessments of APIs quite frequently. About a year ago I was working on a project with a large REST API. Roughly 1,300 routes implemented across dozens of micro-services with a very complex role based authorization framework....
Should GNSS Be a Threat Vector in Your Threat Model?

Should GNSS Be a Threat Vector in Your Threat Model?

I spent time in January improving my understanding of Global Navigation Satellite System (GNSS) technology and working on lab techniques to test GNSS dependency during security assessments. GNSS is a broader term referring to all satellite positioning systems such as...