You gear up for another exciting day in infosec, walk into your building, sit at your cube and open up your email. If you’re like me you also browse social media feeds for the latest news in cybersecurity. That is when you see it, the next named bug…..heartbleed, shellshock, poodle, ghost, and now badlock. You sigh, […]
Look AppSec people, I know you just love dealing with development teams. I know the best part of my day is logging into my computer to be greeted by 3 “we don’t think this vulnerability is an issue” emails. Believe me, I’m sure they share the same warm, fuzzy feelings about us as well. But […]
At this point, I’m sure you’ve all heard about Apple’s on-going fight with the FBI over allowing backdoors into iPhones. In the world of cyber security, encryption, and privacy, this is the battle that will set the tone for the impending war. I have an enormous amount of respect for Apple’s CEO, Tim Cook. In an […]
Who ever said “work smarter, not harder” obviously had a Shodan account. This is a little story of how I managed to run a relatively simple audit against the company I work for in under 15 minutes. Again, if you haven’t read my blog post on the basics of Shodan, I would highly recommend giving […]
Considering the massive response I got from the last post about Shodan, I figured I should do a follow up. Thank you to all who re-tweeted the link, and a big shout out to John Matherly, founder of Shodan, for the publicity. Bro of the year. If you haven’t read through my last post, I […]
So let me tell you about a little thing called Shodan. To put it simply, this terrifyingly beautiful website is a search engine for the Internet of Things. It’s powerful, thorough, and just downright fun to play with. Shodan will take your search and discover all devices connected to the internet related to the query. […]
I know how hard it is for recent college graduates to snag that first big interview, so a big congratulations to you. That’s the first step to entering the cyber security profession. I also know how intimidating it can be trying to prepare for it. I figured I’d share some of the experiences I’ve had […]
Buckle up, this is going to be quite the ride. Burp Suite is a web application penetration tester’s bread and butter, a powerful suite of tools that covers everything you could ever want, need, or dream. I’ll do my absolute best to cover everything in depth, but there’s quite a bit. Here’s a quick list […]
I apologize ahead of time if I start to ramble through this post. Script injections are major vulnerability in web applications due to the variety of attacks that can result from one injection point and there’s a lot we can talk about. If we take a look at the Verizon Data Breach Investigation Report, we […]
I recently covered a few sections from the Verizon Data Breach Investigations Report (take a look if you haven’t already). I also mentioned another one of my favorites, the WhiteHat Security Website Security Statistics Report. This report gives an insightful overview of a constantly evolving and frequently targeted attack vector, web applications. Ignoring my strong […]
Hack-Ed 