Archive for September, 2008

OWASP NYC AppSec 2008 and NYSec Recap

Living in NYC has its perks, one being that we host the largest OWASP chapter across the world. The NY/NJ Metro chapter put a lot of effort into making sure this last week went smoothly, even with the change of venues at the last minute. I had a lot of fun, and it […]

Fun with WiFu and Bluesniffing

This is just going to be a long list of links with rants.  I have taken up the duty of disseminating information on the latest in WiFi and Bluetooth penetration-testing for no real reason other than it’s on the tip of my tongue.
First, we have the BackTrack 3 project, which is basically mandatory if you […]

OWASP AppSec NYC 2008 — Will you be there?

The OWASP AppSec NYC 2008 conference is only a couple days away, with training starting at 9AM on Monday. I will be attending the “Advanced Web Application Testing” training course with Eric Sheridan of Aspect Security. I’m really looking forward to this conference, as it’ll give me the opportunity to meet up with […]

Web Application Security Tomorrow

Jeremiah Grossman wrote in the opinion section for Application security in CSO Online magazine about Web Application Security Today — Are We All Insane?
I have an opinion of my own which I would like to share with my readers.  Jeremiah spreads FUD — Fear, Uncertainty, and Doubt (mostly fear) in his message.  I wanted to […]

Google Chrome first look

The bad:

It’s a front-end to WebKit much like Safari, with no bells-or-whistles
The only add-ons are Web Inspector (from WebKit), Chrome’s own Task Manager, and Chrome’s own Java Debugger (they could have at least used Drosera which comes with Web Inspector / WebKit)
The Google Updater software it installs runs as a separate process, is not a […]