Introducing the Shared Security Weekly Blaze Podcast

As many of you may know, I’ve been co-hosting the Shared Security Podcast (formerly known as the Social Media Security Podcast) with my fabulous co-host Scott Wright from Security Perspectives Inc. We’ve been recording this podcast every month (mostly) since 2009 and over the years we’ve had feedback from many of our listeners that they’ve always …

Using Technology to Defend Digital Privacy & Human Rights – Presentation Notes

If you attended my talk “Using Technology to Defend Digital Privacy & Human Rights”, thank you! Here’s a list of supplemental material discussed during the presentation as well as where you can find out additional information about the topics covered. I’m happy to answer any questions that you might have via Twitter, Facebook or LinkedIn. …

Top 5 Attack Vectors Report: Defend It Before You Hack It

Each year my team conducts hundreds of Penetration Tests in a wide variety of industries, ranging from Healthcare to Retail, Finance to Manufacturing, and many more. The team analyzed data collected from each of our penetration tests at SecureState since 2011 and found common themes in the methods of compromise utilized to break into organizations and compromise …

Teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13

Just a quick update to let everyone know that I’ll be teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13th through the Community SANS program. This is a fantastic 6-day class with lots of hands-on exercises, sharing of my real-world web app testing experiences and a Capture …

Presenting at SANS 2013 in Orlando Next Week

I’ll be at SANS 2013 in Orlando this weekend assisting Kevin Johnson with his SEC542: Web App Penetration Testing & Ethical Hacking class and giving two SANS@Night presentations:
Social Zombies: Rise of the Mobile Dead w/Kevin Johnson – Monday, March 11th, 7:15pm – 8:15pm
“Hall of Shame” Apps in the Apple App Store and Google Play – Wednesday, …

Project Mayhem to be Unleashed at Black Hat Abu Dhabi

For the last several months I’ve been performing research on techniques attackers could use for performing accounting fraud in popular accounting systems. This research coincides with a whitepaper that SecureState has developed entitled “Cash is King: Who’s Wearing Your Crown?” To perform this research I have collaborated with a coworker of mine, Brett Kimmell, who is the …

Burp Suite Series: Efficient use of Payload Options when Attacking HTTP Basic Authentication

In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web-based brute force attacks. First up are some techniques to use when conducting brute force attacks on websites …

Free Webinar July 12th: Android vs. Apple iOS Security Showdown

It’s not too late to register for my webinar on July 12th: Android vs. Apple iOS Security Showdown. I’ll be taking an entertaining look at the current security posture of both platforms. I’ll be battling the Apple App Store vs. Google Play, device updates, MDMs, developer controls, security features and the current slew of vulnerabilities for both …
