Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Cybersecurity in Web Applications - Where to start? Where to improve? Where to learn more?
A curated guide to web application security resources organised by experience level, from getting started with the basics to advanced training and specialised tooling, with short notes on what each resource covers and when to reach for it.
Hardening guide for JBoss EAP 7.0
A practical hardening guide for JBoss EAP 7.0 web servers covering welcome page removal, custom error handling, jboss-web.xml tuning, and other configuration tweaks that are still missing from the official documentation.
Nmap scripts for Trane Tracer SC HVAC
8.8 Mexico will take place on October 11 in Mexico City. Websec will be represented by Paulino Calderón, who will give his talk, "Defeating Monkeys with Scanners".
Ncrack and Nmap NSE development for offense and defense - DEFCON CHINA
Paulino Calderón (@calderpwn) represented Websec at the first edition of the world-renowned DEFCON event in China. Here we share all the material from his workshop.
Launching replay attacks against the Wells Fargo Wallet service
The Wells Fargo Wallet service is susceptible to replay attacks, where an attacker may intercept a transaction through an altered PoS or fake terminal, steal the sensitive token, and replay the token later.
Three Non Web-based XSS Injections
In this post, guest blogger Alejandro Hernandez (nitr0us) writes about some interesting and fun XSS vectors that are not commonly seen.