Where in the RSA is Kevin?

So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will be presenting a two-day class, Security 571, from SANS. This course is a two-day course about mobile device and application security. As the …

WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser-to-server architecture is fairly straightforward. Setting up the proxy for a web browser is pretty straightforward. Unfortunately, when we start getting out of the browser …

Ninja Developer Talk at Louisville Metro Infosec Conference

I recently attended, and spoke at, the Louisville Metro Infosec Conference in Kentucky. The organizers did an excellent job putting this event together and I really enjoyed my time there. My presentation was titled “Ninja Developers” and was focused on tools that developers can use to help them test for security vulnerabilities in their …

ViewState XSS: What’s the Deal?

As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.NET is no exception. A recent post, “ViewState XSS: What’s the Deal?”, provides good insight into an attack …
