about joe

My name is Joe Basirico. By day I help people build secure software. I lead a team of the most talented security experts in the world at Security Innovation to perform security assessments and help our customers reduce their risk against the ever-present threat of hackers and other ne'er-do-wells.

I started a non-profit, Technically Learning, a few years ago with the help of some friends to help kids, particularly girls and minorities, get excited about the STEM fields. Technically Learning recently merged with code.org, an amazing new non-profit looking to bring Computer Science to all public schools in the US.

On this site you'll find links to all of my projects, programming projects, research, a blog and more.

6/3/2015 - Posted by joe

We've been getting a lot of Ruby on Rails penetration tests and code reviews at Security Innovation, and I've been writing a decent amount of it myself. In general it's a great framework, but like any other framework there are a few little gotchas that could lead to a security vulnerability. A colleague of mine, Arvind, wrote a great blog post on the Security Innovation blog in which he outlined a few of these; check that out here.

I also came across this on a blog post: in this case, using open('|[my-command]') will ...

11/8/2014 - Posted by joe

This guide may help you install some required and some helpful settings on a new Mac. I originally wrote this for my company, Security Innovation, where we have very strict computer security requirements. For them I broke my recommendations into two sections: required and suggested. Everything in the required section is, well, required for the SI policy. Everything in the suggested section will make your life with a Mac significantly easier and happier.

Note: this is a collection of things I've found around the internet. I've tried to source things as I wrote this, but I've been building this for a while now. One thing I reference frequently for my own use is this great guide from ...

9/22/2014 - Posted by joe

(Originally posted on the Security Innovation Blog)

Security Innovation's manifesto on being a trusted advisor

Each client has a different background as well as a different depth of knowledge, experience, comfort, maturity, and trust. As trusted security advisors with genuine and heightened passion for helping our clients fundamentally improve their processes and build internal expertise, we take pride in delivering customized solutions that meet each company's needs. At its core, this goes beyond simply setting and meeting expectations reliably.

...