
Web Application Security

Web applications are the dominant way most of us interact with data. From the early days of the World Wide Web, when it offered a read-only view of data, we have evolved to highly dynamic, two-way, real-time views of everything we hold dear.

Securing a web application is complex because of the many distinct risks involved, and it is certainly an area in which many sites could improve.

Articles

  • Fixing the case of the un-sanitised input web app

    Web applications may not be inherently secure, but we want them available on the Internet anyway. How can we reconcile these two? Let’s see!

  • How phishing negates your firewall

    Your corporate firewall: that invulnerable bastion that lets you fearlessly run less-than-secure internal tools such as a CRM or a finance portal. But is it really invulnerable, or is it a paper wall at best? We look at how cross-site scripting vulnerabilities, known session ID cookies or leaked access tokens can allow content from the outside world to pierce it as if it were not there, using the weakest link: you.

  • I Fixed My Malware Injection Issue With Content-Security-Protection

    My personal site had a permissive Content-Security-Policy. This allowed malicious adware injectors to graffiti it up with their own script. I fixed mine; fix yours today.

  • Securing a web (site/app/api)

    Ever wondered how to check how secure a site is (yours or someone else’s)? In this presentation I show how to do a simple security assessment.

  • Free Your Applications: Ditch the IIS, Move Your .NET Apps To the Cloud. Safely. Securely. Simply

    Your basement is full of servers running Microsoft IIS with .NET applications, chatting with local databases. You’ve read casually online about Cloud Native, Kubernetes, containers, Docker. But this doesn’t apply to you, right? Maybe in the future for new things, but not for what you run today? Well, let me try to change your mind. You can make your current applications Cloud Native without a rewrite or a re-architecture. Let me explain how. First, let’s talk about the architecture of…

  • Suffering sisyphean security solutions: make your chrome part of the solution

    Use your desktop Chrome browser to find security flaws on the sites you visit, then fix them (if the site is yours) or notify the owner (if not). Be part of the security solution.

  • Let’s Encrypt Staging. Safely.

    Let’s Encrypt makes it simple and free to have decent TLS security. But certificates from its staging environment chain to a root that is (rightly) not in any public trust store, so clients reject them. How can you safely use staging anyway? Find out!
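The two articles above on Content-Security-Policy and on doing a simple security assessment of a site share one check: does the response carry a CSP at all, and if so, does it still allow attacker-supplied script to run? The following is an added example, not code from either article. It takes a dict of response headers (copied from the browser’s developer tools, or taken from any HTTP client) and reports the same kinds of findings: missing baseline headers, a `script-src` that falls back to a wide-open `default-src`, or one that lists `'unsafe-inline'`, `'unsafe-eval'`, `*` or scheme-wide sources. The PERMISSIVE and HARDENED header sets are constructed for the example and are not captured from any real site.

```python
"""Quick security-header assessment: is there a Content-Security-Policy,
and is it permissive enough to let injected script run?

Added example, not code from the articles on this page. Input is a dict
of response header name -> value. The PERMISSIVE and HARDENED header sets
at the bottom are constructed for the example, not captured from a site.
"""
from typing import Dict, List

# Source expressions in script-src/object-src that let attacker-supplied
# content execute: inline script, eval(), or any host/scheme at all.
PERMISSIVE_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*",
                      "http:", "https:", "data:", "blob:"}

# Headers a basic assessment expects on every HTML response.
REQUIRED_HEADERS = ("strict-transport-security",
                    "x-content-type-options",
                    "referrer-policy")

# Nonce/hash sources: when present, CSP3 browsers ignore 'unsafe-inline'.
HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}.
    Directive names are case-insensitive; on a duplicated directive the
    browser honours the first occurrence, so setdefault() does the same."""
    directives: Dict[str, List[str]] = {}
    for clause in policy.split(";"):
        parts = clause.split()
        if parts:
            directives.setdefault(parts[0].lower(), parts[1:])
    return directives


def effective_sources(csp: Dict[str, List[str]], directive: str) -> List[str]:
    """script-src and object-src fall back to default-src when absent.
    With neither present the directive is unrestricted, modelled here as '*'."""
    if directive in csp:
        return csp[directive]
    return csp.get("default-src", ["*"])


def permissive_sources(sources: List[str]) -> List[str]:
    """Return the dangerous source expressions in one directive's list.
    'unsafe-inline' is dropped when a nonce or hash source is present,
    because CSP3 browsers ignore it in that case (it is only a fallback)."""
    bad = set(sources) & PERMISSIVE_SOURCES
    if any(s.startswith(HASH_PREFIXES) for s in sources):
        bad.discard("'unsafe-inline'")
    return sorted(bad)


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return human-readable findings for one response; empty means clean."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    for name in REQUIRED_HEADERS:
        if name not in h:
            findings.append(f"missing header: {name}")

    csp_value = h.get("content-security-policy")
    if csp_value is None:
        findings.append("missing header: content-security-policy")
        if "x-frame-options" not in h:
            findings.append("no clickjacking protection "
                            "(neither x-frame-options nor CSP frame-ancestors)")
        return findings

    csp = parse_csp(csp_value)
    for directive in ("script-src", "object-src"):
        bad = permissive_sources(effective_sources(csp, directive))
        if bad:
            findings.append(f"{directive} allows {', '.join(bad)}")
    if "frame-ancestors" not in csp and "x-frame-options" not in h:
        findings.append("no clickjacking protection "
                        "(neither x-frame-options nor CSP frame-ancestors)")
    return findings


# Constructed sample responses (not from any real site).
PERMISSIVE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src * 'unsafe-inline' 'unsafe-eval' data:",
}
HARDENED = {
    "Content-Type": "text/html",
    "Content-Security-Policy": ("default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
                                "object-src 'none'; frame-ancestors 'none'"),
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, hdrs in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(f"{label}: {audit_headers(hdrs) or ['no findings']}")
```

The permissive sample is the shape of policy the CSP article describes: `default-src *` with `'unsafe-inline'` means any injected `<script>` tag runs, so an adware injector needs nothing more than a way to get markup onto the page. The hardened sample uses a per-response nonce for scripts, blocks plugins with `object-src 'none'` and refuses framing; running the audit on it returns no findings. The nonce caveat matters in practice: a policy that lists both `'unsafe-inline'` and a nonce is not permissive in a current browser, so flagging it would be a false positive.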