Thomas Stacey

Thomas is an Application Security Auditor with Outpost24. He is a highly skilled penetration tester and security researcher with expertise in web application testing with over five years of experience. He is a Burp Suite practitioner, a full-time Lego enthusiast, and loves to share his knowledge with others.

Five strategies for uncovering vulnerabilities in web applications

Application Security 19 Nov 2024

I’ve been working as an Application Security Auditor in Oupost24’s web application security testing team for almost three years now. Our team have shared several pieces of research over the past year, on topics including cross-site request forgery, cross-site scripting…

Exploiting trust: Weaponizing permissive CORS configurations

Application Security 01 Oct 2024

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in…

Cross-site scripting attacks in action and how to protect against them

Application Security 19 Feb 2024

Cross-Site Scripting (XSS) attacks pose a significant security threat by infiltrating an application's input fields with malicious code snippets. When users access the affected pages, this code is executed in their browsers, putting their sensitive information at risk. The malicious…

Can traditional pen testing keep up with modern AppSec? Ask the pen tester

Application Security 15 Nov 2023

You have kicked-off your annual application security assessment, but by the time the final report comes in, so have a bunch of new features from your developers. Since your pen test report can’t keep-up with your modern development cycles, it…