Home | Resources

Web Application Security

VerSprite Evolved Cybersecurity Consulting

Pasta Threat Modeling

PASTA Threat Modeling: 7 Stages for Simulating Cyber Attacks

VerSprite emulates realistic cyber attacks by a malicious actor using PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis). Our risk-based threat modeling methodology consists of 7 stages for simulating cyber attacks and analyzing threats to the organization and application. This allows our pentesters, redteamers, and cybersecurity analysts to help your organization identify critical vulnerabilities and minimize real-world risks associated business impact.

Learn More →

Why UUIDs Should Not Be Used as Security Capabilities

Blog Post

Secure Protocols

How Secure Are Your Universally Unique IDentifiers (UUIDs)?

Universally Unique IDentifiers, also known as UUIDs or GUIDs, are 128-bit numbers used to uniquely identify information in computer systems. As the name implies, UUIDs should be for practical purposes unique and ideally hard to guess. BUT BE CAREFUL! An attacker might be able to predict future UUIDs.

Learn more

Secure Your Website: Simple HTTPS with Nginx

Blog Post

Secure Protocols

Secure Your Website: Simple HTTPS with Nginx

Even if your organization is running a backend web service that doesn’t support HTTPS, there are still options to use HTTPS, such as using Let’s Encrypt and Nginx. Transport Layer Security (TLS) is very important to protect your website from malicious code injections.

Learn more

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

Blog Post

Transport Layer Security (TLS)

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

When performing red teaming engagements, you typically have to assess the Wireless infrastructure used by the target in an attempt to find a way to set foot on their network infrastructure, and then search for completing your goals (which usually include obtaining sensitive business data or accessing critical systems).

Learn more

google-chrome

Blog Post

Web Application Security

Critical Google Chrome Security Issue

A critical issue has been discovered in Chrome that allows malicious attackers to escape the browser’s sandbox and execute code on the underlying operating system.

Learn more

transport layer security

Blog Post

Transport Layer Security (TLS)

TLS 1.3 and Major TLS Libraries Vulnerable

Attackers may take over accounts and pose as clients or employees to entice those controlling corporate accounts to divulge information or open malicious documents. These types of scenarios should be incorporated into user awareness training. Do not trust anyone online simply based on who they purport to be.

Learn more

http not secure

Blog Post

Phishing Attacks

Plain HTTP Websites Labeled “Not Secure”

As of the latest release of Chrome, sites not using TLS encryption are being called out in the address bar. Users will now see a “Not Secure” label when visiting sites over plain HTTP, even if the site does not transmit sensitive information.

Learn more

Blog Post

JSON Deserialization Memory Corruption Vulnerabilities

In this blog post, we will cover the types of memory corruption scenarios that can be triggered through deserializing untrusted JSON in the Jackson, FlexJSON, and json-io libraries on Android.

Learn more

Much of the following may be common knowledge to most, but many in IT and beyond misuse the term ‘SSL/TLS’ so a refresher can’t hurt. Key things to remember around configuring which version of SSL/TLS to support on your web servers

Blog Post

Secure Socket Layers

SSL/TLS Security – A Simplified, Quick Guide

Much of the following may be common knowledge to most, but many in IT and beyond misuse the term ‘SSL/TLS’ so a refresher can’t hurt.

Learn more

Javascript Platforms

Blog Post

Assessing Emerging JavaScript Platforms with Express.js and Node.js – What to Look For

Node.js is known as one of the most important emerging technologies. It is an event driven open source runtime to create server side applications.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos