Application Security

Twelve Days of XSSmas

This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, to old (but still good) classic XSS tips, to scripts that make (or contribute to) interesting proof-of-concept payloads. Day 1 When building payloads …

Twelve Days of XSSmas Read More »

Spring Break without Breaking the Bank: Hands On Training

Over the last eight years, one of the main focuses of Secure Ideas has been education.  One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security.  This mindset and core passion of Secure Ideas is because we all …

Spring Break without Breaking the Bank: Hands On Training Read More »

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, I posted part one, which was Three C-Words of Web App Security: …

Three C-Words of Web App Security: Part 2 – CSRF Read More »

Professionally Evil Web Application Security Class Live in Charlotte NC

Are you a developer who wants to better understand web application security?  Are you a security practitioner who needs to delve into web app penetration testing? Well now you have your chance!  Come and learn how to hack web applications and services from our Professionally Evil experts! Secure Ideas is excited to announce the latest in our course …

Professionally Evil Web Application Security Class Live in Charlotte NC Read More »

Professionally Evil Web App Pen Testing 101 Course

UPDATE: Updated the done steps. below.  Also changed the links from S3 to Git. Since our founding in 2010 Secure Ideas has always tried to focus on education and increasing the amount of available knowledge in our field.   As such we have contributed to courses, presented at conferences around the world and contributed to open …

Professionally Evil Web App Pen Testing 101 Course Read More »

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH

Is your corporate wifi as secure as you think it is? A common configuration for WPA Enterprise wireless networks is to use a combination of PEAP (Protected EAP) and EAP-TTLS (Tunneled Transport Layer Security). Though this configuration solves several issues found in other configurations, it (sometimes) also has its own fatal flaw. If a client …

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH Read More »

SamuraiWTF 3.2 RELEASED!

We are really excited to announce that SamuraiWTF 3.2 is now available publicly.  This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, addressed bug issues, and improved the target environments to better suit a training environment. We have also updated the …

SamuraiWTF 3.2 RELEASED! Read More »

Professionally Evil Training Event: Multiple classes being offered in Orlando FL April 6-9 2015

Secure Ideas is very excited to announce their training event for April.  We have worked with the Core Group and TrustedSec to create an event that covers a wide variety of training needs. The event is April 6-9th 2015 and will be held at the Palms International Resort. We are in the process of getting …

Professionally Evil Training Event: Multiple classes being offered in Orlando FL April 6-9 2015 Read More »

Scroll to Top