There will be a lot written about xz-utils this week. I am not going to add to the hair-on-fire fray....
Read More
Much has changed and much has remained the same in the vulnerability assessment space....
Read More
POINT is a small company, just four employees, and I am the only tester. We do most of our wor...
Read More
Like many, I have parents. My mother and my father are still around and kicking, and we have a...
Read More
I finally got off my butt and decided what to do with this blog and the fifteen years of posts withi...
Read More
Seeing a couple of vulnerabilities that are higher risk than they used to be floating around out there. They are what the attackers are going after, since the focus on AppSec from both backend and frontend libraries is preventing a lot of code injection errors (which is a good thing, don't get me wrong)...
Read More
When you are all finished with your testing and have collected all the evidence, it is time for the report. The report is expressly in existence to make it easier for the development team to fix the bugs. A lot of people don't like reporting. I am distinctly not one of those people....
Read More
Testing an application for vulnerabilities is just like testing an application for meeting the business...
Read More
Not too long ago, I was asked to do a technical interview for a set of tests. This isn't unhea...
Read More
A fun tool that finds weak Active Directory passwords, and then notifies the user.
https://github.co...
Read More
Pwn2Own had some interesting browser vulnerability results:
https://www.zerodayinitiative.com/blog/2...
Read More
Surprisingly good article from the BBC about firmware attacks
https://www.bbc.com/news/business-5667...
Read More