Jason Gillam

Jason Gillam is a Principal Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services, you can contact him at jgillam@secureideas.com.

Professionally Evil Courses: Mobile PenTesting with MobiSec

Secure Ideas is excited to announce that Jason Gillam will be teaching Mobile PenTesting with MobiSec at the Charlotte ISSA 10th Annual Infosec Summit. Kevin Johnson, one of the course authors, may be available on the second day. In this hands-on, lab-driven course, students will be taught a methodology and series of techniques used to perform penetration …

Burp Co2 Update v0.5 adds a Name Mangler module!

I’m excited to announce another addition to the Burp Co2 extension bundle in v0.5 of Burp Co2 (download):  The “Name Mangler”. Ever found yourself working on a web pen test for an organization where you have gathered a list of users and suspect a username harvesting vulnerability but have not yet worked out the username format …

Are we a Target?

2014 has started out with a bang in terms of publicly disclosed compromised systems.  We entered the year with a slew of privacy events starting with Target’s massive breach, followed by other retailers such as Neiman Marcus and Michael’s and a current investigation with lodging and food services giant White Lodging.  The Syrian Electronic Army (SEA) has …

Announcing Burp Co2!

This is for those of you who do web pen testing with Portswigger’s Burp proxy tool!  Over the past couple of months I have been using my Java skills and “free time” (lol) to build a collection of Burp extensions that have been dubbed “Co2”. Included in this version are a few useful modules.  The …

Scary Web Services: Part 2

This post may seem timely in light of the recent Snapchat compromise.  Although Snapchat’s breach appears to be due to some poor assumptions around an “internal” Snapchat API, it is not the type of traditional web service that I was thinking about when I was planning this post.  This said, Snapchat’s API is still technically …

SamuraiWTF Training with Charlotte ISSA

Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by myself (Jason Gillam of Secure Ideas) January 21st and 22nd.  Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …

Target Security Breached: What You Need to Know

All it takes is one big nasty security breach and the whole world will be watching you through a microscope.  Minneapolis-based Target Corporation (NYSE: TGT) issued a press release this past Thursday confirming that 40 million credit and debit card accounts may have been compromised between Nov. 27 and Dec. 15, 2013.  When I first …

Web App Pre-Flight

I think that it is because of my background in software development that I am passionate about integrating security testing with the SDLC (Software/Systems Development Life Cycle).  Or perhaps it’s just that watching development teams push untested code to production grates on my nerves worse than nails on a chalkboard.  Whatever the case, security testing …
