web penetration testing

Is My Application Illegal?

Mobile devices and applications are everywhere. And we have seen tons of information, guides and whatnot on how to build successful businesses around the next big mobile application. There is even an article spreading around right now about how somebody learned how to program in 3 days and has released an amazing application. But …

Burp Co2 Update v0.5 adds a Name Mangler module!

I’m excited to announce another addition to the Burp Co2 extension bundle in v0.5 of Burp Co2 (download):  The “Name Mangler”. Ever found yourself working on a web pen test for an organization where you have gathered a list of users and suspect a username harvesting vulnerability but have not yet worked out the username format …

Professionally Evil Courses: Ride Along Penetration Testing

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing.  This course will be held on March 11th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course.  In this 2 hour course, …

Announcing Burp Co2!

This is for those of you who do web pen testing with Portswigger’s Burp proxy tool!  Over the past couple of months I have been using my Java skills and “free time” (lol) to build a collection of Burp extensions that have been dubbed “Co2”. Included in this version are a few useful modules.  The …

Webcast: Vulnerabilities in Your Medical Practice: Security Testing for Healthcare

Later this month I will be presenting a free webcast:  “Vulnerabilities in Your Medical Practice: Security Testing for Healthcare”.  I’ll be talking about the HIPAA Security Rule, the potential impact at the practice level and actions that can be taken to comply with these requirements and protect your data. The webcast is scheduled for the …

It's more than Healthcare.gov: Let's fix the problem

There has been a lot of buzz around the Healthcare.gov website and the possible security vulnerabilities that it has.  While many people focus on the political side of the story, or just the vulnerabilities themselves, there is a bigger issue here.  An issue that spreads further than just Healthcare.gov or even government sites, but to …

Scary Web Services: Part 2

This post may seem timely in light of the recent Snapchat compromise.  Although Snapchat’s breach appears to be due to some poor assumptions around an “internal” Snapchat API, it is not the type of traditional web service that I was thinking about when I was planning this post.  This said, Snapchat’s API is still technically …

SamuraiWTF Training with Charlotte ISSA

Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by myself (Jason Gillam of Secure Ideas) January 21st and 22nd.  Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …

Professionally Evil Software: Laudanum 1.0 release!

Secure Ideas is excited to announce the immediate release of Laudanum 1.0.  This open source project is designed to provide injectable files for use in exploitation. During a penetration test, we are often tasked with showing the risk a flaw, such as SQL injection, really poses.  Instead of building a custom script based on the …

Professionally Evil Training: Tactical Burp Suite Webinar

Secure Ideas is excited to announce its latest upcoming online training. We will be offering a two-hour session exploring Burp Suite and its use in a web application penetration test. Kevin Johnson and James Jardine will explore the various features of Burp Suite, focused on how we use the system during …

