Developers

Is My Application Illegal?

Mobile devices and applications are everywhere. And we have seen tons of information, guides and whatnot on how to build successful businesses around the next big mobile application. There is even an article spreading around right now about how somebody learned how to program in 3 days and has released an amazing application. But …

Comparing Authorization Levels with Burp’s Compare Site Map feature

Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …

The Watering Hole: Is it Safe to Drink?

How many times have you been told you have a vulnerability whose relevance you just don’t understand? Cross-site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but oftentimes they really don’t fully understand the impact. Of course, we determine that …

Ninja Developers Webcast Trilogy Overview

Over the past three months, James Jardine and Kevin Johnson were featured in a webcast trilogy titled “Ninja Developers.”  The series was presented through the SANS Institute and an archive of each episode can be found on the SANS website (links provided below).  The purpose of the presentations is to reach out to developers and …

Where in the RSA is Kevin?

So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will be presenting a two-day class, Security 571, from SANS. This course is a two-day course about mobile device and application security. As the …

WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser-to-server architecture is fairly straightforward. Setting up the proxy for a web browser is pretty straightforward. Unfortunately, when we start getting out of the browser …

Ninja Developer Talk at Louisville Metro Infosec Conference

I recently attended, and spoke at, the Louisville Metro Infosec Conference (http://louisvilleinfosec.com/) in Kentucky. The organizers did an excellent job putting this event together and I really enjoyed my time there. My presentation was titled “Ninja Developers” and was focused on tools that developers can use to help them test for security vulnerabilities in their …

