Introducing the Carve gcptool

Today I’d like to introduce gcptool, a Google Cloud Platform (GCP) focused tool to assist with auditing a cloud configuration. Here at Carve, we frequently test the security of our customers’ cloud configurations throughout the course of our projects. Most...
WASM Security Assessment Techniques

Do we have a problem? The World Wide Web has been struggling with how to create portable, efficient and safe programs (pick two) for decades. The current best-of-breed attempt is called WebAssembly and is affectionately referred to as “WASM”. The project...
On Mitigation Strategies

Introduction At Carve we perform a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it’s reproducible, write a proof of concept (PoC) exploit for the vulnerability to determine the impact, and then (3) focus...