Blog
The 5 Most Common GraphQL Security Vulnerabilities
Intro - GraphQL GraphQL (GQL) is a popular data query language that makes it easier to get data from a server to a client via an API call. GQL is commonly deployed as a critical piece of the...
Your best appsec engineer candidate is already on your engineering team. You just don’t know it yet.
There are things you can do to improve application security even if you’re unable to recruit and retain an application security engineer.
Don’t get Zoomed!
Zoom seems to be getting more than its fair share of condemnation from the security researcher community. What is going on?
So you’ve decided to hire an application security engineer? Here’s what you need to know.
Hiring an appsec engineer can be a long process, and for many organizations, is one that does not end successfully.
I am now a remote employee
A lot of companies have been quickly forced into a remote-only work environment, and we'd like to help make the security aspect of that reality easier to navigate. Remote work definitely comes with...
Cybersecurity Impact of COVID-19
Earlier this month, the World Economic Forum put out an article titled “Why cybersecurity matters more than ever during the coronavirus pandemic.” I’m going to summarize this article, share what we...
On Mitigation Strategies
Introduction At Carve we perform at a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it's reproducible, write a proof of concept (PoC) exploit for...
Three Most Common Security Mistakes Seen During AWS Application Assessments
Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers...
Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks
If you missed Brad's talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I'm not talking about League of Legends or...
Web Cache Session Hijacking
In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon's CloudFront is an example of a popular CDN. These CDNs can take advantage of...