Application Security
-
OWASP guide v4 application testing checklist-tracker
This is a simple tracker I have created to facilitate the process of appetising so I do not lose myself…
-
Doxygen & PHP static code analysis call graphs
This post is more to document my own “discovery” and not to get into the loop of researching the same…
-
Fix the problem, not just point at it – thoughts on the “bug hunting” initiatives etc.
I have been thinking a lot about the fact that the panetesting, sourco code reviews and all those security assurance…
-
HTTP Basic Authentication Dictionary and Brute-force attacks with Burp Suite
HTTP Basic Authentication brief explanation HTTP supports several authentication mechanisms. Upon a request for resource within a protected space the…
-
Security source code review scoping questionnaire – v 2
Here is amended version of the security source code review questionnaire. I added couple of questions and reworded couple of…
-
Web application security assessment scoping questionnaire
I’ve got frustrated couple of days ago when I needed to send quickly a scoping questionnaire focusing on web application…
-
Security source code review scoping questionnaire
Usually when a customer comes with request for security source code review one of the main questions is “How long…
-
SWFInvestigator – a new tool for testing SWF files
Three days ago Adobe Labs surprised me with a beta version of their opensource Air application for SWF analysis called…
-
BITS issues Software Assurance Framework
BITS is The Financial Services Roundtable technology division. At the end of January 2012 BITS issued a document containing detailed…
-
MITRE issued their perspective on most dangerous software errors
Software is everywhere those days, and unfortunately bad codding practices together with tight schedules and demanding market brings tones of…
Recent Posts
Tags
bruteforce bug bounty bug hunting Burp Suite d3 data leak data recovery dictionary entropy pool fix fuzzing hackaday image processing Journalistic tools log analysis malware mindmap online courses Practical Reverse Engineering randomness sandbox skype SQL injection SSL technical visualisaiton visualisation Vulnerability Management Wanda the fish Zeus