Channel: Attack Types – Man Vs WebApp
Browsing latest articles
Browse All 27 View Live

The Bash Bug, In a Nut-Shellshock

As you probably know by now, a bug, named Shellshock or “The Bash Bug” has been discovered in a version of Bash, which is a command shell tool. The bug leaves millions of websites and computers open to...

Shellshock Bash Bug – 8 Important Lessons

While Shellshock has been all over Twitter and talked about on prominent news outlets, I’m still shocked that there is comparatively less press coverage than there was for Heartbleed which was a...

OWASP Top 10 List Maturing – Evidenced by Minor Changes

The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was...

Eight Reasons Why SQL Injection Vulnerabilities Still Exist: A Developer’s...

Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it comes to writing secure code, many of which are out...

Four Reasons Security Teams Can’t Stop SQL Injection Vulnerabilities

SQL injection vulnerabilities have threatened application security for years. So why are they still quite common, despite the fact that we, as an industry, should know how to prevent them? Clearly, if...

Surviving the Week 2/1/13 – Ruby on Rails – JSON Parser Vulnerability

Ruby on Rails – JSON Parser Vulnerability: The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is buggy. The fix delivered replaces the YAML backend (yaml.rb) which...

Why are we still vulnerable to side-channel attacks? (and why should I care?)

2013 B-Sides San Francisco Talk Summary Series. This was a great talk given by Jasper Van Woudenberg, from Riscure. Whenever I attend these talks, I always include a couple that are pure indulgence to...

Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing...

At the recent OWASP AppSecUSA in Denver, Daniel Peck of Barracuda Networks put together this presentation for those interested in phishing detection, or for anyone with nostalgia for Dr. Seuss. Peck...

Taking Aim at Google’s Firing Range

This week a developer from Google released a new vulnerable test app named “Firing Range” which I have been digging into for the last few days. This has been of particular interest because of course I...

AppSec Cali: Hackazon – Stop Hacking Like It’s 1999!

I’m looking forward to reconnecting with everyone next week at AppSec California. I hope you’ll join me for my talk, Hackazon – Stop Hacking Like It’s 1999! In this talk, I’ll give a detailed overview...

C’mon back to Cali! OWASP AppSec California This Week!

I’m looking forward to seeing everyone next week at OWASP AppSec California in Santa Monica and hearing some of the great talks planned, but I’m mostly interested to see if Zach Lanier wears the same...
