web app security

Announcing Burp Co2!

This is for those of you who do web pen testing with PortSwigger’s Burp proxy tool! Over the past couple of months I have been using my Java skills and “free time” (lol) to build a collection of Burp extensions that have been dubbed “Co2”. Included in this version are a few useful modules. The …

Webcast: Defending Against Web App Attacks Using ModSecurity

Later this month I will be presenting a free webcast on ModSecurity and how we can make better use of it.  This is going to be very close to the presentation that I gave at MIRcon 2013.  Some of the ideas that we’ll cover are from what we’ve been calling Tactical Security Ops.  In this …

Professionally Evil Software: Laudanum 1.0 release!

Secure Ideas is excited to announce the immediate release of Laudanum 1.0.  This open source project is designed to provide injectable files for use in exploitation. During a penetration test, we are often tasked with showing the risk a flaw, such as SQL injection, really poses.  Instead of building a custom script based on the …

MIRcon 2013 – Analyzing Web Attacks with ModSecurity

Last week I was able to speak at MIRcon 2013 about how to use ModSecurity to discover attack activity and defend your environment. The presentation started out by discussing a fair bit of background information on ModSecurity and how it works. This was really important since ModSecurity can get a bit involved when setting it up. …
