Stories by Jason


Posts


Five Outdated Security Excuses

The Security Industry as a whole has been known to criticize businesses large and small with respect to how they manage security.   Why does it so...


Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application...


Practical Pentest Advice from PCI

The PCI Security Standards Council released a Penetration Testing Guidance information supplement in March 2015.  This document, while geared towards...


Tip: Running BurpSuite on a Mac

Here’s a quick tip I use to save some time when spinning up Burp Suite on a Mac.  I use Burp Suite frequently enough that having an icon on my task...


Burp Suite

And Now... Introducing: Burp BS!

Burp BS… where the “BS” stands for BeanShell.  “What on earth is BeanShell?” you may ask?  BeanShell is a very old Java library that was designed to...


MobiSec 2.0 Awesomeness Unleashed!

MobiSec has undergone a major reconstruction and version 2.0 (actually 2.0.1) is now available for download on SourceForge.  The popular mobile...


Don't Forget the Little Things!

On January 31st, Deusen disclosed what was described as a Same Origin Policy Bypass flaw called “Universal XSS (U-XSS)” in IE 9 through 11 on Full...


Web Penetration Testing with Burp and CO2

Start 2015 right with a free web session to learn all about the Burp CO2 plugin!  This training is scheduled for Thursday, January 8th, 2015 at 2pm...


Burp CO2 now sports some Laudanum Scripts!

There have been a number of updates to the Burp CO2 extension suite over the past couple of months but the most exciting one is the addition of...


CORS Global Policy

I recently noticed an uptick in Cross-Origin Resource Sharing (CORS) findings showing up in automated scanning tools, which would not have been a...