Cyber Security Resources
Whitepapers
Improve your cybersecurity by reading our whitepapers and learning from our experts
Labs
Take a look at our tools, presentations, and policies
Security is a Long Distance Event
Twenty-five miles and seven hours into my first 50 mile trail running race, I told myself there are only twenty-five miles and seven hours to go. It should be simple - just keep going, right? This was my mindset a year into taking up running at my first Leadville Silver Rush 50 run. The idea was...
WASM Security Assessment Techniques
Do we have a problem? The World Wide Web have been struggling with how to create portable, efficient and safe programs (pick two) for decades. The current best of breed attempt is called WebAssembly and is affectionately referred to as "WASM". The project defines WASM broadly as: WebAssembly...
3 Ideas to Improve Application Security Today
Application Security, or AppSec, is a race between your business and bad actors. Whether you realize it or not, people and bots are constantly attacking and probing your Internet-facing and cloud hosted applications. In fact, it's not uncommon to hear of known vulnerabilities causing a...
Security Champions: How to grow your security team without making a single hire
As we discussed in our previous post: your best appsec engineer is already on your team, you just need to find them. In larger development organizations, however, this one person might not be enough to create the culture of security necessary for long term risk management and improved software...
Stop wasting money on PCPs (Pretty Crappy Pentests)
A company asked us for help with a troubling issue: anonymous web site users would randomly become authenticated as other users in their financial services application. The client’s engineering team had no meaningful log data, and wasn’t able to reproduce the issue over many months. They only knew...
The 5 Most Common GraphQL Security Vulnerabilities
Intro - GraphQL GraphQL (GQL) is a popular data query language that makes it easier to get data from a server to a client via an API call. GQL is commonly deployed as a critical piece of the technology stack for modern web and mobile applications, and as a result, Carve has worked with GQL in...
Stay Connected
Stay on top of the latest in cybersecurity tools, news, and opinion with @carvesystems on social media! Check out our blog for cyber tips, tricks, and all things infosec.