This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, to old (but still good) classic XSS tips, to scripts that make (or contribute to) interesting proof-of-concept payloads. Day 1 When building payloads …
ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping stone in your cybersecurity career. Traditionally, students have two different options to gain this certification; self-study or a bootcamp. Both …
Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »
I have been involved in IT and security in one way or another for almost 30 years. I have worked full time for organizations and consulted in a wide variety of jobs and responsibilities. But one of the common issues I have seen and been part of is having a handle on what all of …
Finding Your Weakness: Triaging Your Domains with SWAT Read More »
It is that time of year and we need to be ready for the fraudsters to be out in full effect. The holidays are approaching and it is a time for joy for most. Unfortunately, the Grinches are working just as hard as Santa to effect your holiday cheer. Here are few things to keep …
Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing. This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course. In this 2 hour course, James …
Professionally Evil Courses: Ride Along Penetration Testing Read More »
If you are paying attention to the news, security is a big topic. At least that’s what CNN and the Wall Street Journal think. And I would happen to agree. (I may be a bit biased!) But even with things like Heartbleed and 0-day flaws in IE, we still commonly hear from small businesses that …
At Secure Ideas, we work with a large number of organizations. These range from small mom-and-pop businesses to international corporations and government agencies. In any of these examples, we find that CIOs and management make the same mistakes when it comes to dealing with their security issues. When people talk about security and risk, we …
Is that a Shark? — Common Security Mistakes Organizations Make Read More »
Wow, I can’t believe how long this release has been in the making. a couple of years ago, we were honored to be allowed to build MobiSec under the DARPA CyberFast Track process. We released the first two version quickly after that. Then at DerbyCon last year, we offered our MobiSec course for the first …
Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing. This course will be held on March 11th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course. In this 2 hour course, …
Professionally Evil Courses: Ride Along Penetration Testing Read More »
Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business. Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov. As part of this review, Dave provided a …
HealthCare.gov: Basic Security Failures and IT Bloopers Read More »