Application security October 26, 2011 Arvind Doraiswamy Blind SQL Injection 1.0 – Attack Anatomy
General security October 24, 2011 Infosec A History of Anonymous Anonymous is the most famous 'hacktivist' group in the world. The informal nature of the group makes its mechanics difficult to define. Subsequently, without...
Application security October 18, 2011 Dan Morrill Understanding the implications of Facebook Connect and OAuth Over the last month there has been a minor if interesting discussion about the use of Facebook Connect and the idea that it does not delete cookies when you...
General security October 18, 2011 Infosec Cracking Democracy – Hacking Electronic Voting Machines Communications around the world are gradually going digital. I was born in 1984. I would expect, if I entered a typical office workplace that year, to find...
Application security October 18, 2011 Mark Wireman SQL Injection: The Equal Opportunity Vulnerability In the first installment of this series, we discussed application security within the Software Development Process by demystifying the adoption...
Reverse engineering October 13, 2011 Nicolas Krassas Android malware analysis The advance in technology brought us mobile phones with almost the same power and features as our personal computers. Something that criminal minds will find...
Application security October 12, 2011 Arvind Doraiswamy HTTP Response Splitting Attack In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we're clear about how it works, because it is an...
Exploit development October 10, 2011 Stephen Bradshaw Egghunter Exploitation Tutorial This tutorial will cover the process of writing a buffer overflow exploit for a known vulnerability in the Vulnserver application. This is the fifth article...
CISSP September 30, 2011 Kenneth Magee (ISC)2 CISSP requirements and exam changes on January 1, 2012 (ISC)2 is making several changes to the CISSP exam effective January 1st, 2012. This language was found on the ISC2 website; (ISC)² CBK Domain Name Changes...
Application security August 5, 2011 Mark Wireman Application Security, Deconstructed and Demystified Security professionals have all heard, read, and in some instances, directly felt the impact of insecure or vulnerable applications. Whether they originate...