Application Security

Laudanum by Example: Shell

Previously, I wrote a post providing a brief introduction to Laudanum.  If you haven’t read it, or don’t know what Laudanum is, I encourage you to read that post first (don’t worry, it is fairly short).  In this post, I am going to take a look at how Laudanum can be used.  Specifically, I am …

Laudanum by Example: Shell Read More »

Introduction to Laudanum

As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem.  The best consultants have the know-how to understand which tool to use in which scenario.  Imagine if during a penetration test I used SQLMap to look for CSRF …

Introduction to Laudanum Read More »

WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications.  Doing this for the normal browser to server architecture is fairly straight forward.  Setting up the proxy for a web browser is pretty straight forward.  Unfortunately, when we start getting out of the browser …

WinPhone 7: Fiddler Setup Read More »

Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?”  I believe this often stems from the request for credentials to an application when discussing the penetration test.  The thought is that if we are testing the system like an attacker,   providing credentials is breaking …

Grey Box Penetration Testing Read More »

Ninja Developer Talk at Louisville Metro Infosec Conference

I recently attended, and spoke, at the Louisville Metro Infosec Conference ( in Kentucky.  The organizers did an excellent job putting this event together and I really enjoyed my time there.   My presentation was titled “Ninja Developers” and was focused on tools that developers can use to help them test for security vulnerabilities in their …

Ninja Developer Talk at Louisville Metro Infosec Conference Read More »

Scroll to Top