Monthly Archives: September 2012

DerbyCon Bound

So the Secure Ideas staff is pretty excited to be headed to DerbyCon, even though Jason is the only one smart enough to fly there. (James, Kevin, Tony and Nolan are driving the 13 hours from Jacksonville.) This is the second year that Secure Ideas has sponsored the conference and the first where the entire consulting staff will be attending.

There are a number of events and talks we are looking forward to seeing, and having the chance to connect with friends and new people is the best reason for going. (And we would be remiss not to point out what a great show the staff put on!) Kevin will be presenting Saturday morning with Tom Eston of Secure State. They will be adding another chapter to the Social Zombies series, focusing on mobile devices and their applications. Tony and Jason will be presenting Saturday as well. They will be discussing the SH5ARK project, which is a series of protections against HTML5-based attack payloads.

So for all of the other people attending, we would love to talk, so find the people wearing the Secure Ideas, Professionally Evil shirts.  And don’t forget to ask for a water bottle! 😉

ViewState XSS: What’s the Deal?

As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.NET is no exception. A recent post “ViewState XSS: What’s the Deal?” found at ( provides good insight into an attack…