web application security

best practices

Waving the White Flag: Why InfoSec should stop caring about HTTPOnly

As a company that is constantly working with our penetration testing clients on understanding where they should focus their efforts, qualifying risk...

Training

How I Became a Security Consultant: AbsoluteAppsec Interview

Every so often, podcasts and such will invite me to speak on a variety of topics. And this week, I was very excited to join @cktricky and @sethlaw on...