This document discusses a number of attack vectors for SSL and TLS, offering real-world examples where it can.
As previously mentioned in "SSL: Light at the end of the tunnel", today is the day that our SSL recommendations officially change. From today onwards the Team recommend only TLS versions 1.1 and 1.2. Up until now the Team have accepted the need for SSLv3 and TLSv1 for compatibility reasons; however, the time has come to cut the cord. The loss of compatibility should only affect legacy systems. If these systems cannot be updated to support the newer protocols, then weak SSL is likely to be the least of your security concerns!
This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment.
This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML 5.
Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications.