Thomas Stacey

Thomas is an Application Security Auditor with Outpost24. He is a highly skilled penetration tester and security researcher with expertise in web application testing with over five years of experience. He is a Burp Suite practitioner, a full-time Lego enthusiast, and loves to share his knowledge with others.

Five strategies for uncovering vulnerabilities in web applications

Application Security 19 Nov 2024

I’ve been working as an Application Security Auditor in Oupost24’s web application security testing team for almost three years now. Our team have shared several pieces of research over the past year, on topics including cross-site request forgery, cross-site scripting…

Exploiting trust: Weaponizing permissive CORS configurations

Application Security 01 Oct 2024

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in…

Cross-site scripting (XSS): What it is and how to prevent it

Application Security 19 Feb 2024

Web applications are an integral part of our daily lives, used for everything from banking and shopping to social networking and business operations. However, this widespread reliance on web technology has also made it a prime target for cyberattacks. One…

Can traditional pen testing keep up with modern AppSec? Ask the pen tester

Application Security 15 Nov 2023

You have kicked-off your annual application security assessment, but by the time the final report comes in, so have a bunch of new features from your developers. Since your pen test report can’t keep-up with your modern development cycles, it…