Blog
Cybersecurity Impact of COVID-19
Earlier this month, the World Economic Forum put out an article titled “Why cybersecurity matters more than ever during the coronavirus pandemic.” I’m going to summarize this article, share what we...
On Mitigation Strategies
Introduction At Carve we perform at a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it's reproducible, write a proof of concept (PoC) exploit for...
Three Most Common Security Mistakes Seen During AWS Application Assessments
Security is often a big concern when it comes to cloud computing. According to the Cloud Security Alliance (CSA), traditional security issues under the responsibility of cloud service providers...
Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks
If you missed Brad's talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I'm not talking about League of Legends or...
Web Cache Session Hijacking
In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon's CloudFront is an example of a popular CDN. These CDNs can take advantage of...
DevSecOps: Do We Need Another Cybersec Buzzword?
The 10 Best Security Testing Tools
Any application connected to the internet is at risk for attacks from malicious outsiders. It’s important to check your application for vulnerabilities because they may lead to hacking or data leakage. Today’s security software comes in many forms, both free and paid. Understanding how these tools work alongside their strengths and weaknesses will help you […]
API Security: Guard against your provider’s weaknesses
When you think of API security, you typically think about your own APIs. So you’ll make sure you’re using proper authentication and authorization on your web services. Then you’ll verify you’re using secure coding practices. And then you’ll even add monitoring and alerting for anything out of the ordinary. Because you know that securing your […]
What does certificate pinning mean?
Are you struggling to hire appsec people? Read our post on hiring appsec engineers! Securing your mobile applications ensures that you and your customers are safe. And unfortunately, just using SSL and HTTPS doesn’t fully protect your data. Instead, certificate pinning currently tops the list of ways to make your application traffic secure. Today we’ll […]
What Does Federated Login Mean? A Simple, Detailed Answer.
Very often, there’s an indispensable need for users to access multiple applications, which are hosted by several organizations directly involved in the project. This need is almost always present irrespective of the size or criticality of the project. With multiple security domains comes the greater pain of having to remember the different credentials for each […]