Finding Your Inner Evildoer (2/4): Complete Knowledge of the System
In the previous post I described an overview of the three traits I look for in great security testers: Complete Knoweldge of the System, A Good Imagination, and An Evil Streak. ...
Continuous Incremental, Personal Improvement
I am an optimizer. I try to optimize nearly everything in my life. This, I think, is why I tend to spend so much time on personal productivity, time management and other persona...
Finding Your Inner Evildoer: Part 1
As a Security Tester, or hacker, I have one of the most exciting and creative jobs in the industry. We are asked to find as many critical security vulnerabilities in complex sof...
CISCO Password Revealer
I haven’t had much luck with any CISCO clients on the mac. Inevitably clients will send me a CISCO profile configurations that I can’t easily use on my mac. I went searching for...
Which is More Secure: Windows or Linux?
Somebody on LinkedIn asked the above question to a group I’m part of. I decided to answer it thinking “Oh, I can chime in with a quick little answer”, but the more I wrote the m...
The High Cost of an Application Security Data Breach
In the wake of the Sony Security Breaches (breaches, you say? As in plural? Yes, read on for more information) I decided to update some of our instructor led training slide deck...
Using the ConfigurationManager to Access your ConnecitonStrings in the Web.Config
This is just a quick post because I couldn’t find this information easily available on other sites. I knew there was a quick way to access the connection strings from the web.co...
When is it OK to Build up Technical Debt
As I previously mentioned I’ve been writing a bit of Ruby on Rails. I’m surprised at how quickly I can slap something together and get results, especially prototypes, up and run...