Gone Phishing

Many organizations do not include phishing in their annual penetration tests, as they believe that most phishing emails will be stopped by their email filtering solutions.  Any “phishy” emails that get through will likely be clicked on by their employees but stopped by anti-virus or web filtering controls.  These controls are good, but they typically …


Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?” I believe this often stems from the request for credentials to an application when discussing the penetration test. The thought is that if we are testing the system like an attacker, providing credentials is breaking …


How To: Encrypting Mac Mail

As a security consultant who travels frequently, it is critical for me to implement security controls that protect sensitive data on my computer. One of the most often overlooked kinds of data is locally stored email. A quick search on the web identified some good ways to encrypt the Mac Mail store. A great resource that I found was an …


Ninja Developer Talk at Louisville Metro Infosec Conference

I recently attended, and spoke, at the Louisville Metro Infosec Conference (http://louisvilleinfosec.com/) in Kentucky.  The organizers did an excellent job putting this event together and I really enjoyed my time there.   My presentation was titled “Ninja Developers” and was focused on tools that developers can use to help them test for security vulnerabilities in their …


DerbyCon Wrap Up

It's a wrap! DerbyCon has ended for the Secure Ideas crew and we are all headed home. While a few team members are flying out, the rest of us are driving back to Jacksonville, FL. With 6 hours left on this trip, what better time to talk about DerbyCon. First, let me say that the …


DerbyCon Bound

So the Secure Ideas staff is pretty excited to be headed to DerbyCon even though Jason is the only one smart enough to fly there. (James, Kevin, Tony and Nolan are driving the 13 hours from Jacksonville) This is the second year that Secure Ideas has sponsored the conference and the first where the entire consulting staff …


ViewState XSS: What’s the Deal?

As penetration testers, there are many different technologies that we have to be familiar with.  The more we know and understand about a given technology, the better our test will be for our customers.  ASP.Net is no exception.  A recent post “ViewState XSS: What’s the Deal?” found at (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/) provides good insight into an attack …

