WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications.  Doing this for the normal browser to server architecture is fairly straight forward.  Setting up the proxy for a web browser is pretty straight forward.  Unfortunately, when we start getting out of the browser …

WinPhone 7: Fiddler SetupRead More »

Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares.  Now, by “open” I am including both unauthenticated as well as file shares that allow any authenticated user.  It certainly makes sense for organizations to have file shares that are accessible to all employees …

Finding the LeaksRead More »

Happy New Years!

As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year.  We also thought it would be fun to do a quick review of the year, with each of our staff including their thoughts.  So here goes…. What a great second year for Secure Ideas! …

Happy New Years!Read More »

Gone Phishing

Many organizations do not include phishing in their annual penetration tests, as they believe that most phishing emails will be stopped by their email filtering solutions.  Any “phishy” emails that get through will likely be clicked on by their employees but stopped by anti-virus or web filtering controls.  These controls are good, but they typically …

Gone PhishingRead More »

Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?”  I believe this often stems from the request for credentials to an application when discussing the penetration test.  The thought is that if we are testing the system like an attacker,   providing credentials is breaking …

Grey Box Penetration TestingRead More »

Scroll to Top