Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business. Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov. As part of this review, Dave provided a …
HealthCare.gov: Basic Security Failures and IT Bloopers Read More »
Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by myself (Jason Gillam of Secure Ideas) January 21st and 22nd. Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …
One of the fun things about working at Secure Ideas are the conversations that we have about different technologies and platforms. One of my favorites are the ongoing discussion that Kevin and I have had about the Xbox Live platform and now the Xbox One. A bit before the Xbox One was released we decided …
Secure Ideas is very excited to be offering the first public run of our Secure Coding for Web Developers class. This is a class we have been running for our clients in various forms over the last couple of years and have been asked to run it in Denver on January 14th and 15th 2014. …
Secure Coding for Web Developers Class in Denver Read More »
SECURE IDEAS IS OFFERING A FREE SECURE CODING CLASS You see it the news all the time. Websites are getting hacked, data is being stolen, and revenue is lost. How are they committing these breaches? How does a website get hacked anyway? Come to a 3 hour technical workshop at Galvanize on December 20th to …
Secure Ideas is Offering a Free Secure Coding Class Read More »
In this series of posts we’re introducing staff members at Secure Ideas to give you a quick glimpse into our lives. The goal of these posts is for you to learn more about us. So reach out to us via email or twitter. We’d love to get to know you. Who am I: Jason Gillam, …
A large part of doing security consulting is providing proper mitigations and recommendations to our clients. Sure, the testing is the exciting part, but it is the recommendations that are going to have the greatest impact on our client’s security. It is our goal to help make the security posture better, not set a record …
As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explain the what, why, and how of information security. And …
Industry Issues: New Vulnerabilities and Marketing Problems Read More »
I have to say that I really enjoy doing the Professionally Evil Perspective (PEP) podcast with Kevin. It started as a crazy idea that I had a few months ago, and it is just as fun as I had hoped it would be. In this episode, we are joined by Nathan Sweaney, a Senior Security …
Professionally Evil Perspective podcast: Mobile Security Testing – Tips and Tools Read More »
Who am I: Thom Dosedel, Senior Security Consultant at Secure Ideas. What do I do at Secure Ideas: Like my fellow consultants, I participate in both internal and external penetration tests performing structured attacks on network, web, wireless, or mobile environments. We also perform architecture reviews, provide defense based analysis and recommendations. What is my …