web app security

Professionally Evil Courses: Ride Along Penetration Testing

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing.  This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course.  In this 2 hour course, James …

Professionally Evil Web Penetration Testing Class

Ever thought about being able to test the security of your web applications? Wanted to know how the Professionally Evil hack web services and applications?  Interested in upgrading your skills around attacking modern web applications? Well now you have your chance! Secure Ideas is excited to announce the latest in our course offerings.  We will be …

Secure Coding for Developers at Kingston MakerSpace, May 5-6

I’m excited to announce that I will be returning to my hometown of Kingston, Ontario to teach a two-day, hands-on Secure Coding course at Kingston MakerSpace, May 5-6, 2014.  This course is geared towards software developers who want to learn the details of common web application attacks and what coding strategies to use to properly …

Is My Application Illegal?

Mobile devices and applications are everywhere.  And we have seen tons of information, guides and whatnot on how to build successful businesses around the next big mobile application. There is even an article spreading around right now about how somebody learned how to program in 3 days and has released an amazing application. But …

Decoding Security Jargon

If you pick up just about any security textbook it will begin by describing security using terms such as threats, risks, vulnerabilities, exposures, agents, and so on.  These terms are fine for discussions between security professionals who agree on the definitions.  However, I find they are often too technical when striking up a conversation with …

Burp Co2 Update v0.5 adds a Name Mangler module!

I’m excited to announce another addition to the Burp Co2 extension bundle in v0.5 of Burp Co2 (download):  The “Name Mangler”. Ever found yourself working on a web pen test for an organization where you have gathered a list of users and suspect a username harvesting vulnerability but have not yet worked out the username format …

Professionally Evil Courses: Ride Along Penetration Testing

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing.  This course will be held on March 11th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course.  In this 2 hour course, …

Announcing Burp Co2!

This is for those of you who do web pen testing with Portswigger’s Burp proxy tool!  Over the past couple of months I have been using my Java skills and “free time” (lol) to build a collection of Burp extensions that have been dubbed “Co2”. Included in this version are a few useful modules.  The …

Webcast: Defending Against Web App Attacks Using ModSecurity

Later this month I will be presenting a free webcast on ModSecurity and how we can make better use of it.  This is going to be very close to the presentation that I gave at MIRcon 2013.  Some of the ideas that we’ll cover are from what we’ve been calling Tactical Security Ops.  In this …

Professionally Evil Software: Laudanum 1.0 release!

Secure Ideas is excited to announce the immediate release of Laudanum 1.0.  This open source project is designed to provide injectable files for use in exploitation. During a penetration test, we are often tasked with showing the risk a flaw, such as SQL injection, really poses.  Instead of building a custom script based on the …
