How to configure Android (Virtual) for Mobile PenTest
This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test.
Secure Ideas
Encryption – CISSP Domain 3
We’re circling back to some more CISSP-related materials. Today’s topic will be encryption, which can be found in CISSP Domain 3. By its very nature, encryption is meant to hide the meaning or intent of a communication from unintended recipients. This process takes place when a message is converted from plain text (text that is …
Encoding – CISSP Domain 3
Today we’re going to take a quick look at encoding, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between encoding and encryption, so one of the purposes of this article is to look at how the CBK defines encoding. Encoding is the action of changing …
Welcome to the New Secureideas.com
We are excited to announce the launch of the new Secure Ideas website. It is located at the same url: https://www.secureideas.com. We hope you like our new look, designed to help you learn more about us and find the services that you need. Our performant site is compatible with tablets and smartphones, so you can …
Twelve Days of XSSmas
This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, to old (but still good) classic XSS tips, to scripts that make (or contribute to) interesting proof-of-concept payloads. Day 1 – Template Literals …
Professionally Evil CISSP Certification: Breaking the Bootcamp Model
ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping stone in your cybersecurity career. Traditionally, students have two different options to gain this certification; self-study or a bootcamp. Both …
Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »
Finding Your Weakness: Triaging Your Domains with SWAT
I have been involved in IT and security in one way or another for almost 30 years. I have worked full time for organizations and consulted in a wide variety of jobs and responsibilities. But one of the common issues I have seen and been part of is having a handle on what all of …
Finding Your Weakness: Triaging Your Domains with SWAT Read More »
Beware of Holiday Scams
It is that time of year and we need to be ready for the fraudsters to be out in full effect. The holidays are approaching and it is a time for joy for most. Unfortunately, the Grinches are working just as hard as Santa to effect your holiday cheer. Here are few things to keep …
Professionally Evil Courses: Ride Along Penetration Testing
Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing. This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course. In this 2 hour course, James …
Professionally Evil Courses: Ride Along Penetration Testing Read More »
Too Small to Hack: Small Business and Security
If you are paying attention to the news, security is a big topic. At least that’s what CNN and the Wall Street Journal think. And I would happen to agree. (I may be a bit biased!) But even with things like Heartbleed and 0-day flaws in IE, we still commonly hear from small businesses that …