Professionally Evil Insights

Posts


Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?”  I believe this often stems from the request for...


SH5ARK: Taking a Byte out of HTML5

The new features in HTML5 have opened a whole new world of opportunities for developers and for attackers.  Secure Ideas recognized this and  with...


How To: Encrypting Mac Mail

As a security consultant, frequently traveling, it is critical to implement security controls to protect sensitive data on my computer.  One of the...


DerbyCon Wrap Up

It's a wrap! DerbyCon has ended for the Secure Ideas crew and we are all headed home. While a few team members are flying out, the rest of us are...


DerbyCon Bound

So the Secure Ideas staff is pretty excited to be headed to DerbyCon even though Jason is the only one smart enough to fly there. (James, Kevin, Tony...


Testing

ViewState XSS: What's the Deal?

As penetration testers, there are many different technologies that we have to be familiar with.  The more we know and understand about a given...


security

SamuraiWTF 2.0? What happened to 1.0?

So the SamuraiWTF project has released the first few release candidates for the formal 2.0 release. Since the previously available version was...


incident response

Security Onion @ UTOSC 2012

Shortly before joining Secure Ideas, I spoke on Security Onion and Network Security Monitoring (NSM) at the Utah Open Source Conference 2012.  The...


developers

How to Setup RatProxy on Windows

In an effort to help developers and other Windows users get started adding security testing into their process, this post will describe the process...