about joe

My name is Joe Basirico. By day I help people build secure software. I lead a team of the most talented security experts in the world at Security Innovation to perform security assessments and help our customers reduce their risk against the ever-present threat of hackers and other ne'er-do-wells.

I started a non-profit, Technically Learning, a few years ago with the help of some friends to help kids, particularly girls and minorities, get excited about the STEM fields. Technically Learning recently merged with code.org, an amazing new non-profit looking to bring Computer Science to all public schools in the US.

On this site you'll find links to all of my projects, programming projects, research, a blog and more.

9/3/2015 - Posted by joe

I was pretty disappointed after reading Mary Ann Davidson's blog post discouraging customers from reverse engineering their software for any reason. As CSO of Oracle, one of the largest software providers in the world, I expected her thoughts on security researchers and responsible disclosure to be more enlightened. Instead I saw a glib response that echoed sentiment from the turn of the last century.

The post has since been removed from Oracle's official blog, which shows that while this may be their internal policy and thinking, the company understands it isn't popular to hold such opinions. Because nothing can be deleted from the internet, and because of the Streisand effect, ...

6/3/2015 - Posted by joe

We've been getting a lot of Ruby on Rails penetration tests and code reviews at Security Innovation, and I've been writing a decent amount of it myself. In general it's a great framework, but like any other framework there are a few little gotchas that could lead to a security vulnerability. A colleague of mine, Arvind, wrote a great blog post on the Security Innovation blog in which he outlined a few of these; check that out here.

I also came across this on a blog post; in this case using open('|[my-command]') will ...

11/8/2014 - Posted by joe

This guide may help you install some required and some helpful settings on a new Mac. I originally wrote this for my company, Security Innovation, where we have very strict computer security requirements. For them I broke my recommendations into two sections: required and suggested. Everything in the required section is, well, required for the SI policy. Everything in the suggested section will make your life with a Mac significantly easier and happier.

Note: this is a collection of things I've found around the internet. I've tried to source things as I wrote this, but I've been building this for a while now. One thing I reference frequently for my own use is this great guide from ...
