Month: September 2013

DerbyCon 2013 Wrap Up

Another year and another awesome conference put on by Dave Kennedy and his team. DerbyCon never lets us down and is getting better every year. This year also brought in training classes before the conference, which were an excellent addition. Kevin and James taught the Assessing and Exploiting Mobile Applications with OWASP MobiSec and the …


Details, Details, Details…How Much is Enough?

So you think being a penetration tester is the coolest thing around, right? Me too, but there is one aspect that people usually don’t think about: report writing. It is one of the most important parts of an assessment because it provides the customer with data they can then use to make important decisions regarding …


Professionally Evil: Self Inflicted Injury at Vendor’s Request

It’s unfortunate, and still far too common, to find administrative interfaces exposed and configured with default passwords. In some cases it doesn’t matter what else you might find, like some sexy injection vulnerability; if I can access your administrative controls and gut your infrastructure, it’s game over and a resume generating event for …


We Can’t Rely on the Browser for Protection

A large part of doing security consulting is providing proper mitigations and recommendations to our clients. Sure, the testing is the exciting part, but it is the recommendations that are going to have the greatest impact on our client’s security. It is our goal to help make the security posture better, not set a record …


Industry Issues: New Vulnerabilities and Marketing Problems

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explaining the what, why, and how of information security. And …

