Posts by Denim Group Team

Post: A Guide to ASP.NET’s Page Life Cycle and the ViewState

This blog has been updated with new information for 2020. ASP.NET provides you with several life-cycle events for you to handle and insert all the functionality of your web application. This article will explore the operations that all web pages need to do, and map them to the ASP.NET lifecycle events. Then we will look at […]

Webinar: An Updated Take: Threat Modeling for IoT Systems

Post: Denim Group Update: COVID-19

As the circumstances surrounding COVID-19 continue to evolve around the world, we at Denim Group want to assure you that we are doing our part to support our teams and yours during these trying times. The health and safety of all is our top priority. At Denim Group, we have a business continuity plan in […]

Post: MIME Sniffing in Browsers and the Security Implications

Introduction: Whenever a website is opened in a browser, there are many tasks that are being silently performed in the background. One of those tasks is fetching resources such as images, stylesheets and JavaScript from different domains on the internet and then parsing those resources. For example, a browser fetches an image from a remote server […]

Post: How to Get Started Securing IoT Devices

Modern Internet of Things (IoT) devices are connected to operate with other devices, web portals and one another in order to share real-time data. For teams building, or looking to integrate new IoT devices into their organization, this business decision represents an increase to your overall attack surface, and therefore presents new challenges for the […]

Post: AppSec Concerns: UUID Generation

Background: During static analysis, one of the things the application security team checks for is strong random number generation for security-sensitive contexts. We see weaknesses in this space quite often for temporary passwords and session identifiers, but an increasingly common variant is for universally unique identifiers (UUIDs). The proposed UUID standard describes a UUID […]