Old School Security

“Welcome to AppSec io

Home of the AppSec Findings Database”



About Us

Old school professionals who give a damn


What is old school?

Old school security is the idea that even though technology and threats keep evolving, fundamental security practices stay the same. Whenever you are unsure about how to protect the enterprise, go back to the basic tenets of InfoSec and you'll find your answer. In short, go old school.

The Database

What is it?

The AppSec Findings Database is a comprehensive collection of report-ready application security findings and testing techniques developed over many years. If you want to increase the quality of your reports and improve your testing, subscribe to the database today.



The Blog

News from the house
  • How To Map A Web Application Like A Pro


    Before jumping into any battle, you should know the enemy. For a pentester, mapping an application gives you the knowledge to successfully take on an application and find its weaknesses. In this post, I go into the details of how to map an application and, more importantly, how to use this information to be more effective in finding vulnerabilities and, in general, to be more awesome as a pentester.


  • How To Create An Awesome Application Security Report


    If you want to excel as a pentester, it is not enough to be a highly technical security expert. You have to be able to produce high quality reports that effectively communicate an application’s security state to a client. In this post, I go over some of the key components of an application security report and give you some writing tips to improve your main deliverable as a pentester.


  • How To Write An Application Security Finding


    Although most application security testers would prefer to spend their time hunting for the next cool finding, we all know that at some point we have to devote some time to writing up our work. You may have found a severe vulnerability in the application, but if you can’t effectively describe the issue to the client, they may not truly understand its impact or how to remediate it, and they may end up in a worse place than when you started.

  • How To Scope A Web Application Security Test


    One of the most underrated parts of a web application security test, but perhaps one of the most important, is scoping. Scoping an application before a security test is designed to provide enough information to all parties to ensure that the test will have the best chance of success.


  • Top 10 Mistakes in Application Security Testing


    For application security testers, there is a ton of great material on the Internet and elsewhere about what to do during a security test. If you want to test for SQL injection, there are a million guides that will walk you through the steps. What I’ve found is that there is a lot less discussion of what you shouldn’t do during a test in order to avoid mistakes or to stay out of trouble.


  • HttpOnly Not Set


    One of the most common web application security findings we see during testing is the lack of the HttpOnly flag on session cookies. As web application pentesters, we love this finding because it is so easy to find and it assures us of at least one finding during testing.




