security testing

Is My Application Illegal?

Mobile devices and applications are everywhere. And we have seen tons of information, guides and whatnot on how to build successful businesses around the next big mobile application. There is even an article spreading around right now about how somebody learned how to program in 3 days and has released an amazing application. But …

It's more than Healthcare.gov: Let's fix the problem

There has been a lot of buzz around the Healthcare.gov website and the possible security vulnerabilities that it has. While many people focus on the political side of the story, or just the vulnerabilities themselves, there is a bigger issue here. An issue that spreads further than just Healthcare.gov or even government sites, but to …

Professionally Evil Toolkit – Recon-ng

The first stage of almost every successful penetration test is the reconnaissance phase. During this phase of an engagement we scour publicly accessible resources for information about the target that will provide insight and direction for later phases. We look for information that was made public intentionally, and sometimes unintentionally, that tells us more about …

DerbyCon 2013 Wrap Up

Another year and another awesome conference put on by Dave Kennedy and his team. DerbyCon never lets down and is getting better every year. This year also brought in training classes before the conference that were an excellent addition. Kevin and James taught the Assessing and Exploiting Mobile Applications with OWASP MobiSec and the …

We Can’t Rely on the Browser for Protection

A large part of doing security consulting is providing proper mitigations and recommendations to our clients. Sure, the testing is the exciting part, but it is the recommendations that are going to have the greatest impact on our client’s security. It is our goal to help make the security posture better, not set a record …

Comparing Authorization Levels with Burp’s Compare Site Map feature

Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …

SIAM: Custom Testing Machines

Secure Ideas recently made the decision to create custom machines that we could use for penetration testing engagements. These machines, called SIAMs, are the Secure Ideas Attack Machines. The machines are custom configured with many different tools that we use during penetration tests and also some of the more common distributions such as Kali Linux, …
