In this age of rogue hackers, government red teams, and everyone else under the sun with computer access, a few books, and an MO – what do you count on to keep them out? I tell you many organizations have blurred lines with security products, to the point that incidents are reported and brought to […]

I left college with a decent amount of programming experience, mostly in Java, but never really had an opportunity to actually use it.  Sure, I had an <sarcasm>absolute blast</sarcasm> creating everything from calculators, to red-black trees, to web servers while at school, but I was never really able to apply it to something I found […]

Buckle up, this is going to be quite the ride.  Burp Suite is a web application penetration tester’s bread and butter, a powerful suite of tools that covers everything you could ever want, need, or dream.  I’ll do my absolute best to cover everything in depth, but there’s quite a bit. Here’s a quick list […]

I apologize ahead of time if I start to ramble through this post.  Script injections are major vulnerability in web applications due to the variety of attacks that can result from one injection point and there’s a lot we can talk about.  If we take a look at the Verizon Data Breach Investigation Report, we […]

Someone once said that “no security hole is too small”.  The longer you work in the information security field, the more relevant this becomes.  So many times, it’s been shown that the tiniest details can lead to massive data breaches.  The 2013 Target breach is a prime example.  Attackers first broke into Targets network on […]

I think an attack vector that is often under-analyze is the web service.  There’s no user interface, so what’s the real danger? Cross-Site Scripting (which accounts for about 53% of all application vulnerabilities) is completely useless since there is no HTML response.  And how would one even use this tool without a user interface? Well, […]

Nearly every application relies on some type of data store, whether it’s a user database or a database of information related to the website.  Without proper sanitation of inputs, these stores can be vulnerable to SQL injections, and attackers may be able to retrieve critical information with our permission.  If you don’t have an understanding […]