Archive for August 27, 2013


Comparing Authorization Levels with Burp’s Compare Site Map feature

August 27, 2013

Burp Suite from is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot […]


My Crayons Didn’t Upload My Pictures to the Internet

August 25, 2013

In July, my daughter, Brenna (11yo) and I presented at the SANS Denver event.  She has long wanted to present with me and we both thought this talk was the […]


Analyzing Web App Attacks Using ModSecurity at MIRcon 2013

August 14, 2013

I’m extremely excited to announce that I will be speaking at MIRcon2013 on ModSecurity!  The presentation’s goal is to help systems administrators, incident responders, and security analysts better manage and […]


SIAM: Custom Testing Machines

August 13, 2013

Secure Ideas recently made the decision to create custom machines that we could use for penetration testing engagements.  These machines, called SIAMs, are the Secure Ideas Attack Machines.  The machines […]


Burp Extension for F5 Cookie Detection

August 8, 2013

 This past February, my fellow colleague James Jardine wrote an excellent blog post called “Decoding F5 Cookie” where he described in detail how F5 load balancers use a persistence cookie […]


Defending Against Pass-the-Hash (PtH) Attacks

August 6, 2013

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attacks used in the hacking community. Especially in  Microsoft Windows environments, PtH tools are so popular and easy […]


Video: Introduction to Burp Suite

August 1, 2013

The below video is an introduction to Burp Suite.  This is the first of our videos that will teach people how to use Burp Suite and other tools the same […]