Channel: Comments for Man Vs WebApp
Browsing all 62 articles

Comment on HouSecCon 2011 and B-Sides ATL Review by Christian

Yes the shirts are awesome! It was nice meeting you Dan and talking to you and Kim at your booth. For emphasis, the shirt rocks.




Comment on Announcing SQL Invader by Joe Vernon

Why create yet another tool that will need to be maintained, and will slowly stagnate from lack of attention, and not contribute to an existing and terrific open source project like SQLMap?


Comment on Announcing SQL Invader by Dan Kuykendall

Hi Joe, We do plan to contribute back to SQLMap and we do use the same database format as SQLMap. To some degree you can think of this as a SQLMap re-write into Java, with the addition of a slick...


Comment on Dropbox (in)security by nxb3942

Dropbox Enterprise File Transfer from Thru is the secure solution for businesses and enterprises. Their solutions have been working for large businesses for ten years without a single security breach....


Comment on Wine geekery at RSA – a wine tasting reception, NT OBJECTives...

It was a lot of fun, Matt. Let’s do this again sometime.



Comment on Tales from the Web Scanning Front: Blacklisting by Andre Gironda

“Contact us” pages need to be tested. It is wise to let the application owner know that turning off the mail functionality is the best bet, usually done first in a non-live (i.e. test/staging/dev) site.


Comment on Tales from the Web Scanning Front: Blacklisting by Dan Kuykendall

Agreed, we didn’t mean to indicate that “Contact us” pages shouldn’t be tested at all. But it is often unwise to run automated scanning against those pages on a production site. Automated testing of...


Comment on Vegas 2011 Review: How to Hide Your Pr0n by Josh Sokol

Thanks for the write-up on our talk at BSidesLV. I have very similar issues with the government's abuse of power and that was one of the reasons why we wrote Stegg0 to begin with. At the end of your...


Comment on Web Hacking Survival Kit (News Sources) by Chook

Nice site, and lots of info that will keep me reading for hours



Comment on Surviving the Week 6/8/2012 by Port80 Software

It’s good to see someone mentioning that users not only change their LinkedIn password, but also change it for any account that uses the same password, or even a similar password. It’s also important...


Comment on RSA 2012: NT Objectives hosts ISE® VIP wine tasting reception &...

Thanks a lot for your information. I am desperately searching for an RSA course to do but not getting any suitable place. Will you plz let me know?


Comment on Wine geekery at RSA – a wine tasting reception, NT OBJECTives...

Thanks a lot Matthew for such a nice and wonderful presentation. I really appreciate a lot. Keep writing and give us some informative information like this.


Comment on The Sierra Network (ImagiNation) – Lives again by J.R. Holland

Dan - Do you still play on Inn Revival? I just downloaded the client from your blog and am interested in knowing if anyone is still playing. I’m doubting it, but who knows?!? Send me an e-mail at the...



Comment on Web Application Security Scanning – The Art of Automation by Andre...

There is only one direction for application security: ethical, whitehat full-knowledge source-code-assisted manual app penetration-testing. The industry decided long ago — just take a look at OWASP...


Comment on Web Hacking Survival Kit (Pentesting Tools) by mbati

Would like an online training on ethical hacking



Comment on Payback on Web Attackers: Web Honeypots (OWASP AppSecUSA...

Thanks for the post ☺ Yeah, web honeypots is an interesting topic and a lot of work to be done! We plan to release our project soon. Will keep you posted! Sincerely, SRF


Comment on Payback on Web Attackers: Web Honeypots (OWASP AppSecUSA...

Great! Looking forward to hearing your updates.



Comment on Web Application Security Scanning – The Art of Automation by NT...

You are right. No application can work perfectly in all situations. Limiting the potential for human error is critical…as is its requirement.


Comment on Mobile App Security – Application Security’s “Where’s Waldo” by...

Saying mobile is just like a web app is not accurate. Yes, there are a lot of similar problems you see in web apps (server side JSON, REST, etc.). However, mobile application security is probably more...


Comment on Mobile App Security – Application Security’s “Where’s Waldo” by...

You are correct, that it is more like client server app security, but the main point is that the basic sort of attacks such as SQL injection can still work once inserted into the (JSON, REST, etc)...




