I have several things I want to say about web services but for this post I am going to constrain myself to explaining why web services are scary to me in the role of a pen tester. In this context, web services can really mean any type of web service but typically refers to those …
SECURE IDEAS IS OFFERING A FREE SECURE CODING CLASS You see it the news all the time. Websites are getting hacked, data is being stolen, and revenue is lost. How are they committing these breaches? How does a website get hacked anyway? Come to a 3 hour technical workshop at Galvanize on December 20th to …
Secure Ideas is Offering a Free Secure Coding ClassRead More »
The first stage of almost every successful penetration test is the reconnaissance phase. During this phase of an engagement we scour publicly accessible resources for information about the target that will provide insight and direction for later phases. We look for information that was made public intentionally, and sometimes unintentionally, that tells us more about …
Last week I was able speak at MIRcon 2013 about how to use ModSecurity to discover attack activity and defend your environment. The presentation started out by discussing a fair bit of background information on ModSecurity and how it works. This was really important since ModSecurity can get a bit involved when setting it up. …
MIRcon 2013 – Analyzing Web Attacks with ModSecurityRead More »
In this series of posts we’re introducing staff members at Secure Ideas to give you a quick glimpse into our lives. The goal of these posts is for you to learn more about us. So reach out to us via email or twitter. We’d love to get to know you. Who am I: Jason Gillam, …