Easy Button for Testing of Mobile Devices and Apps: AppUse

Knowing where to start in the penetration testing world is very difficult and largely inconsistent. With so many options and tools available, simply kicking off a scan of the network can require a considerable time investment. That is even truer in the relatively new world of mobile testing. Please only use the tools and methods discussed on systems that you […]

Defending Against SSH Brute Force Attacks

Just Trying to Host a Website. So here I am trying to host a personal website once I figured out a little bit about Amazon in 2010. After a month or two of poking around and figuring out how to get the AMI I want running, everything looks fine. I can now self host all the […]

Adding Security into your CI Process

Most organizations I’ve worked with often think they are concerned about security, but never actually do anything about it until right before the big production release when it’s often too late to actually make any major security changes before the big “Go/No-Go” decision.  What if security was baked into our CI processes in order to […]

From Naivety to Negligence

I understand the plight of senior executives, I really do. Most don’t have a software background and that makes it difficult for them to fully understand application security. But when security breaches are caused by basic, simple code vulnerabilities that can be found using readily available tools, it makes me wonder how serious businesses even […]

Coveros Partners with InfoZen on USCIS Transformation Integration Award

Program will accelerate delivery of USCIS software projects. Loudoun County, VA, August 28, 2014 — Coveros, Inc., the market leader in secure software development, today announced that it has partnered with InfoZen on the contract that was awarded 10/22/2013 with the performance start date of 2/4/2014 […]

Mobile Application Testing with Kryptowire

The hunt for a tool to provide you some ability to scan and analyze mobile application code may not be as elusive as the Chupacabra any more. Kryptowire is a security testing tool designed specifically for testing Android and iOS native mobile applications. It provides a simple interface for analyzing source code developed locally […]

What Not To Do With Password Management

As one of our resident security guys, I thought I might write up a quick guide about what not to do with password management.  As long as you build a website or web service, at some point you’re most likely going to have to store a password.  Unfortunately for many developers out there (in organizations […]

Using Components with Known Vulnerabilities

One of the items on the 2013 OWASP Top Ten is “Using Components with Known Vulnerabilities.” It is new on this year’s list, debuting at number 9. OWASP lists it as being widespread and difficult to detect. The issue is that modern software is made up of dozens, if not hundreds, of third-party components. Even […]

Security Testing in an Agile World: An Interview with Jeff Payne

Summary: Jeffrey Payne sat down with Noel Wurst to discuss a range of topics, including advice for teams that are attempting agile for the first time, the importance of clear communication between teams, and the ways that security testing has changed alongside modern technology. Complete Article: Agile Connection May 2 2013 article – Security Testing in […]
