Merry Christmas everyone! I hope you all have a safe and happy holiday. Have fun and drink and eat well! I can't wait to eat some real food after being away at school all semester. Thanks for the continued support this year as we have grown to over 300 [...]
Posted by Marcin on Monday, December 24, 2007 in Other.
Sorry I haven't posted in forever. Dre's been covering for me while I've been super busy with finishing up school, reading, work, and other projects. I think Dre's packed more information in the last month than I did all year. 2007 Security Testing Tools [...]
Posted by Marcin on Friday, December 21, 2007 in Security.
Linux.com is running a feature article on Building Secure Web Applications with OWASP. We're trying to Slashdot it, so everybody who reads this -- go and do that right now! The article is good and features quotes from Josh Sweeney of SecurityDistro.com. [...]
Posted by Dre on Thursday, December 20, 2007 in Security.
I made an epic post to the LSO forums a few minutes ago. I felt the need to re-post a portion of it here. While meeting Joe earlier this evening, who is one of the founders of LearnSecurityOnline, I was inspired to think and write about XSS and a variety [...]
Posted by Dre on Tuesday, December 18, 2007 in Hacking and Security.
*Update on the TS/SCI Security Blog* First of all, I would like to announce that I will be retiring the long, diluted threads that have recently appeared on the TS/SCI Security Blog. This is the last of the "longer" threads I've been saving up for our [...]
Posted by Dre on Monday, December 17, 2007 in Hacking and Security.
Office collaboration services look like 1985
Microsoft Outlook and Exchange server have been the staple for office collaboration for over 10 years, with a model that has been around since Novell and Lotus in the mid-80's. Collaboration services are [...]
Posted by Dre on Thursday, December 13, 2007 in Defense, Hacking, Security and Work.
An audit framework for evaluating structured security program frameworks
How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved? Possible frameworks [...]
Posted by Dre on Monday, December 10, 2007 in Defense, Hacking, Intelligence, Politics, Security, Tech and Work.
Here's a quick post to decrease your exposure to attacks against web application vulnerabilities. A couple months ago, I posted an article that detailed 8 Firefox extensions for safer browsing. In addition to the extensions listed in that post, I use [...]
Posted by Marcin on Sunday, December 9, 2007 in Security.
Chris Hoff published his 2008 Security Predictions, which offer a very dim future for the security industry. His first attack vector is regarding the virtualization hypervisor attacks. Didn't Ptacek prove that this vector is useless? I'm starting to see [...]
Posted by Dre on Wednesday, December 5, 2007 in Defense, Hacking and Security.
This post isn't intended to be a retort to Jeremiah Grossman's post last month on Why crawling matters, but more of a follow-up post to my latest blog entry on Why pen-testing doesn't matter. Hint: both pen-testing and crawling are still [...]
Posted by Dre on Sunday, December 2, 2007 in Security.
Pen-testing is an art, not a science
Penetration-testing is the art of finding vulnerabilities in software. But what kind of an "art" is it? Is there any science to it? Is pen-testing the "only" way or the "best" way to find vulnerabilities in software? [...]
Posted by Dre on Sunday, December 2, 2007 in Defense, Hacking, Security and Tech.