Web Application Security Blog

Mike Milner

A critical thinker and technical strategist with a measured approach to effective execution, Mike is the Co-Founder and Chief Technology Officer at IMMUNIO. While he's witnessed the breadth of opportunities technology and data intelligence have created for business and government, Mike's focus has always been on the vulnerabilities. Between fighting cybercrime for the Canadian government and working for security agencies overseas, Mike has developed a deep understanding of the global security landscape and how the underground economy dictates hacks and ultimately drives breaches. This unique experience paired with his robust technical prowess helped Mike uncover what the next generation of security software should look like in IMMUNIO. Prior to founding IMMUNIO, Mike was a lead member of the technical staff at Salesforce.com where he gained insight into the business side of web applications. He also served as a software engineer at Canonical, working on the world's most popular free operating system, Ubuntu, following his time serving both the Canadian and UK Government.

Recent Posts

Using RASP to Make Bug Bounty Programs More Efficient

POSTED BY  Mike Milner on Feb 16, 2017

Bug bounty programs have gained popularity throughout the tech industry, cropping up at tech giants such as Facebook, Google, and more recently Apple. The programs effectively crowdsource manual penetration testing (pen testing), allowing users...

TOPICS     RASP

Why Target the Application Layer

POSTED BY  Mike Milner on Feb 14, 2017

When most of us think of applications, we think of the various programs we have downloaded to our smartphones. We interact and make requests of these programs to perform whatever function we need. These requests often, if not always, require the...

TOPICS     Application Security

How External Dependencies Put Your Apps at Risk

POSTED BY  Mike Milner on Feb 02, 2017

Web applications are complex. Only a tiny part of any web app is code that you write for it. In fact, it is possible to create a web application without writing any original code. Some estimates say that 80% of the code in web applications is...

TOPICS     Application Security  Application development

Preventing Account Takeover (ATO)

POSTED BY  Mike Milner on Jan 17, 2017

Hackers are dedicated criminals. They will work hard to exploit any vulnerabilities in your website and network—because there is a lot of money in it for them when it works. One popular way of breaking into a system is to take over the account of...

TOPICS     Account Takeover

Even if You Haven't Been a Victim of Account Takeover, You're Still Vulnerable

POSTED BY  Mike Milner on Jan 12, 2017

The past few years have seen some of the world’s largest corporations fall victim to data breaches. Yahoo, LinkedIn, and Adobe, to name a few, have had to grapple with the theft of millions of user credentials. Stories like these should serve as...

TOPICS     Account Takeover  Stolen Credentials

Stop Account Takeover in its Tracks

POSTED BY  Mike Milner on Jan 10, 2017

It seems that every day we see headlines announcing a data breach that resulted in theft of information for hundreds of thousands, millions, or even billions of users. These are clearly brand damaging headlines, and the numbers are certainly...

TOPICS     RASP  Account Takeover  Stolen Credentials

Web Application Health

POSTED BY  Mike Milner on Dec 22, 2016

The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access...

TOPICS     RASP  Web Application Security

Bot Fingerprinting

POSTED BY  Mike Milner on Dec 20, 2016

A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...

TOPICS     Vulnerabilities  Web Application Security

RASP and Security Against Internal Breaches

POSTED BY  Mike Milner on Dec 13, 2016

As companies consider their application security posture, it is critical to remember that breaches can come from both outside and inside the company and its trust boundaries. Internal threats require just as much protection as external risks.

TOPICS     Insider  Application Security  RASP

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

POSTED BY  Mike Milner on Dec 01, 2016

Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...

TOPICS     Vulnerabilities  RASP  Web Application Security  Mobile App Security