Mobile applications are a hot commodity these days. It seems like everyone and their brother/sister is writing them. Kevin Johnson even tells a story of a bait/mobile application shop here in Florida somewhere. When I say bait, you guessed it, I really mean bait as in fishing bait. Earthworms and such. With everyone writing these …
As security consultants, we regularly travel to clients’ sites and experience a wide range of environments and atmospheres. While some are better than others (and some much worse), it’s very common for the client to not be fully prepared when we arrive. This often results in delays, a less efficient use of the time we …
Autocomplete is always a fun topic to discuss…. ok maybe my idea of fun is not the normal idea. 🙂 During our web penetration testing, we often find where the client’s application allows the password or other sensitive information to be saved by the browser. When we find it, we often have push back from …
Autocomplete and actual risk: Why do we look at it? Read More »
I was recently conducting a wireless penetration test and was somewhat disappointed (but happy for our client) to find that they had a pretty well configured set of wireless networks. They were using WPA2 Enterprise and no real weaknesses that I could find in their setup. After conducting quite a bit of analysis on network …
Professionally Evil: This is NOT the Wireless Access Point You are
Looking For Read More »
How many times have you been told you have a vulnerability that you just don’t understand its relevancy? Cross-Site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but often times they really don’t fully understand the impact. Of course, we determine that …