AppSec Blog

Breaking CSRF: Spring Security and Thymeleaf

As someone who spends half of their year teaching web application security, I tend to give a lot of presentations that include live demonstrations, mitigation techniques, and exploits. When preparing for a quality assurance presentation earlier this year, I decided to show the group a demonstration of Cross-Site Request Forgery (CSRF) and how to fix … Continue reading Breaking CSRF: Spring Security and Thymeleaf


ASP.NET MVC: Audit Logging

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at creating an audit logging action filter in the ASP.NET MVC framework. Audit logging is a critical step for adding security to your applications. Often times, audit logs are used to … Continue reading ASP.NET MVC: Audit Logging


Cloud Encryption Options - Good for Compliance, Not Great for Security

Guest Editor: Today's post is from David Hazar. David is a security engineer focusing on cloud security architecture, application security, and security training. In this post, David will take a look at the encryption options for applications hosted in the cloud. Over the last decade, due to new compliance requirements or contractual obligations, many, if … Continue reading Cloud Encryption Options - Good for Compliance, Not Great for Security


ASP.NET MVC: Data Validation Techniques

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at the data validation features built into the ASP.NET MVC framework. Data validation is one of the most important aspects of web app development. Investing effort into data validation makes your … Continue reading ASP.NET MVC: Data Validation Techniques


ASP.NET MVC: Using Identity for Authentication and Authorization

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at the authentication and authorization security features built into the ASP.NET MVC framework. Implementing authentication and authorization mechanisms into a web application with a powerful ASP.NET Identity system has become a … Continue reading ASP.NET MVC: Using Identity for Authentication and Authorization