C’mon back to Cali! OWASP AppSec California This Week!
I’m looking forward to seeing everyone next week at OWASP AppSec California in Santa Monica and hearing some of the great talks planned, but I’m […]
Attack Types
AppSec Cali: Hackazon – Stop Hacking Like It’s 1999!
I’m looking forward to reconnecting with everyone next week at AppSec California. I hope you’ll join me for my talk, Hackazon – Stop Hacking Like […]
Taking Aim at Google’s Firing Range
This week a developer from Google released a new vulnerable test app named “Firing Range” which I have been digging into for the last few […]
Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing (OWASP AppSec USA 2014 Preso Review)
At the recent OWASP AppSecUSA in Denver, Daniel Peck of Barracuda Networks put together this presentation for those interested in phishing detection, or for anyone […]
Shellshock Bash Bug – 8 Important Lessons
While Shellshock has been all over Twitter and talked about on prominent news outlets, I’m still shocked that there is comparatively less press coverage than […]
The Bash Bug, In a Nut-Shellshock
As you probably know by now, a bug, named Shellshock or “The Bash Bug” has been discovered in a version of Bash, which is a […]
Four Reasons Security Teams Can’t Stop SQL Injection Vulnerabilities
SQL injection vulnerabilities have threatened application security for years. So why are they still quite common, despite the fact that we, as an industry, should […]
Eight Reasons Why SQL Injection Vulnerabilities Still Exist: A Developer’s Perspective
Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it […]
OWASP Top 10 List Maturing – Evidenced by Minor Changes
The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was recently updated. The 2013 Top 10 Listfeatures some incremental but noteworthy changes that point to the project’s maturity.
Why are we still vulnerable to side-channel attacks? (and why should I care?)
2013 B-Sides San Francisco Talk Summary Series This was a great talk given by Jasper Van Woudenberg, from Riscure. Whenever I attend these talks, I always […]
Surviving the Week 2/1/13 – Ruby on Rails – JSON Parser Vulnerability
Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is […]