Secure Ideas

HealthCare.gov: Basic Security Failures and IT Bloopers

Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business.  Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov.  As part of this review, Dave provided a …

HealthCare.gov: Basic Security Failures and IT Bloopers Read More »

Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel

Secure Ideas is excited to announce that I will be speaking as part of a panel later this month.  On January 30th in Denver, Colorado, the Addressing the Real Issues Around Compliance in the Cloud panel will be held at Mile High Station.  This panel will run from 4pm to 6pm. Faced with HIPAA, PCI, FISMA …

Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel Read More »

Tactical Burp Suite Webinar

We have decided to try something new here at Secure Ideas.  We have a long history (as long as the company actually) of doing webcasts and presentations around the country.  (And we plan on continuing those!)  But we thought maybe we could start doing some of our own.  So we have recently signed up with …

Tactical Burp Suite Webinar Read More »

Professionally Evil Perspective Podcast – Methodology Continues with Discovery

James and I recorded the next episode of the Professionally Evil Perspective podcast this morning.  In it we get back to walking through the methodology that we use during a web application penetration test.  We had covered recon and mapping, so in this episode we go through the third step; discovery! James and I discuss …

Professionally Evil Perspective Podcast – Methodology Continues with Discovery Read More »

Comparing Authorization Levels with Burp’s Compare Site Map feature

Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …

Comparing Authorization Levels with Burp’s Compare Site Map feature Read More »

Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attacks used in the hacking community. Especially in  Microsoft Windows environments, PtH tools are so popular and easy to use, that many attackers no longer even bother to crack passwords anymore. Why waste the time when an administrator’s hash is just as convenient, …

Defending Against Pass-the-Hash (PtH) Attacks Read More »

Scroll to Top