Blog Announcements
I have one ShmooCon ticket available for $300. Contact me if you are interested.
Why do I have one ShmooCon ticket for sale? I bought it in case we didn’t get accepted to ShmooCon, but we did! Dre, Tom Stracener of Cenzic (and formerly nCircle), and I will be giving a talk on:
Path X: Explosive Security Testing Tools Using XPath
We will cover what XPath is, how it is used to parse XML in web applications in order to aid security testing tools, and why XPath expressions are good locators in comparison to other methods such as DOM or CSS selectors. We will attempt to demonstrate how XPath can be used for good instead of being targeted with injection or blind XPath injection attacks.
Check the ShmooCon Speakers list for all the talks. If you’re going to ShmooCon as well and want to hang out, post a comment. We can’t wait for this year’s Podcasters Meetup — last year’s totally rocked. There is going to be a lot happening and it’s all going to be a lot of fun.
New Look
We have changed our look slightly and have a new theme. You might not notice much of a difference if all you read is our RSS. We hope that the new theme makes it easier for those who come to our site to read longer posts. Not to mention, it’s faster, simpler, and cleaner… and I had it validating XHTML 1.0 Strict on my staging server, but not anymore. If anyone can help me out, that’d be great; getting 100% Strict validation was pretty cool for those 15 minutes. :/
Research
Dre and I have been pouring a ton of research into web testing tools and using those tools to find vulnerabilities in web applications. Some of it coincides with the information we have put into our talk, which we will be publishing soon.

congrats guys!
joe and I will be there, we’ll have to meet up.
-CG
Congrats Marcin! Keep on rocking… :D
Totally like the new theme. Until you said something, I’m not sure I would have noticed even in visiting regularly, but it does look clean and nice!
Hi Marcin,
I have been reading your blog for more than 6 months now. I have really found it interesting with a lot of technical information. Keep up the good work.
We all learn a lot from your experience and posts.
Cheers
Shoaib
Shoaib,
Good work on your own blog! I just found it earlier this week.
I’m curious as to what you find useful from our posts. What type of information are you looking for?
Thanks for the comments guys. We got information from ShmooCon regarding the schedule and will be making a post later today.
@Shoaib, dre sent me your blog the other day and I really like it. You have some good content on there — will be putting you up on the blogroll.
Dre and Marcin,
You guys are really doing an excellent job.
All your posts on Information Systems Security Audit, Security Plan, Vulnerability Assessments, Application Security and your views on latest security trends are excellent.
Dre explains the topic in such a detailed way that it’s always worth reading, and when you finish reading it you always learn something new, and sometimes you think that’s an excellent way of looking at things.
I was reading the comment posted by dre on Nitesh’s post on O’Reilly and I really liked the way he used his knowledge in explaining the topic in more detail.
Keep up the good work guys
Cheers
Shoaib