Month: January 2014

Webcast: Vulnerabilities in Your Medical Practice: Security Testing for Healthcare

Later this month I will be presenting a free webcast: “Vulnerabilities in Your Medical Practice: Security Testing for Healthcare”. I’ll be talking about the HIPAA Security Rule, the potential impact at the practice level and actions that can be taken to comply with these requirements and protect your data. The webcast is scheduled for the …

It’s more than Healthcare.gov: Let’s fix the problem

There has been a lot of buzz around the Healthcare.gov website and the possible security vulnerabilities that it has. While many people focus on the political side of the story, or just the vulnerabilities themselves, there is a bigger issue here. An issue that spreads further than just Healthcare.gov or even government sites, but to …

HealthCare.gov: Basic Security Failures and IT Bloopers

Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business. Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov. As part of this review, Dave provided a …

Scary Web Services: Part 2

This post may seem timely in light of the recent Snapchat compromise. Although Snapchat’s breach appears to be due to some poor assumptions around an “internal” Snapchat API, it is not the type of traditional web service that I was thinking about when I was planning this post. This said, Snapchat’s API is still technically …

Webcast: Defending Against Web App Attacks Using ModSecurity

Later this month I will be presenting a free webcast on ModSecurity and how we can make better use of it. This is going to be very close to the presentation that I gave at MIRcon 2013. Some of the ideas that we’ll cover are from what we’ve been calling Tactical Security Ops. In this …

Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel

Secure Ideas is excited to announce that I will be speaking as part of a panel later this month. On January 30th in Denver, Colorado, the Addressing the Real Issues Around Compliance in the Cloud panel will be held at Mile High Station. This panel will run from 4pm to 6pm. Faced with HIPAA, PCI, FISMA …

SamuraiWTF Training with Charlotte ISSA

Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by me (Jason Gillam of Secure Ideas) January 21st and 22nd. Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …

Intercepting DNS

Recently during a penetration test, I discovered a Linksys WRT54G wireless router that had been installed on a customer’s network. Surprisingly, this device was accessible from the Internet with default credentials. Watching the client list, I noticed several clients connecting on & off throughout the day. We all know that this is bad, but how …
