Project Mayhem to be Unleashed at Black Hat Abu Dhabi

For the last several months I’ve been performing research on techniques attackers could use for performing accounting fraud in popular accounting systems. This research coincides with a whitepaper that SecureState has developed entitled “Cash is King: Who’s Wearing Your Crown?” To perform this research I have collaborated with a coworker of mine, Brett Kimmell, who is the …


Burp Suite Series: Efficient use of Payload Options when Attacking HTTP Basic Authentication

In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web-based brute force attacks. First up are some techniques to use when conducting brute force attacks on websites …


Free Webinar July 12th: Android vs. Apple iOS Security Showdown

It’s not too late to register for my webinar on July 12th: Android vs. Apple iOS Security Showdown. I’ll be taking an entertaining look at the current security posture of both platforms. I’ll be battling the Apple App Store vs. Google Play, device updates, MDMs, developer controls, security features and the current slew of vulnerabilities for both …


SANS Mentor brings Security 542: Web App Penetration Testing and Ethical Hacking (GWAPT) to Cleveland

I’m proud to be teaching SANS Security 542 here in Cleveland through the SANS Mentor Program beginning in August. The SANS Mentor Program allows you to save thousands on your training budget and still experience live SANS training on the GWAPT classes – live training without traveling! COURSE DETAILS: Security 542: Web App Penetration Testing …


Three Areas You Need To Test When Assessing Mobile Applications

Having spoken at both the SANS Mobile Device Security Summit and OWASP AppSec DC recently about testing mobile applications, I’ve found that, like the old saying “There are many ways to skin a cat”, there are also many ways to assess a mobile application. I’ve seen very detailed testing methodologies, not …
