Where in the RSA is Kevin?

So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will be presenting a two-day class, Security 571 from SANS. This course is a two-day course about mobile device and application security. As the …


Grab a CORS Light

Many of you already know that any cross-site HTTP requests invoked from scripts running within a browser are restricted by the Same-Origin Policy. Basically this means that script-initiated HTTP requests, such as those made with XMLHttpRequest, are only allowed to go to the same domain that the page was loaded from, and not to any other domains. …


WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser-to-server architecture is fairly straightforward. Setting up the proxy for a web browser is pretty straightforward. Unfortunately, when we start getting out of the browser …


Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares. Now, by “open” I am including both unauthenticated file shares and file shares that allow any authenticated user. It certainly makes sense for organizations to have file shares that are accessible to all employees …


Happy New Years!

As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year. We also thought it would be fun to do a quick review of the year, with each of our staff including their thoughts. So here goes… What a great second year for Secure Ideas! …

