Diving Deeper into Mobile Penetration Testing Framework: AppUse

In the previous blog, I detailed a great starting point for mobile application testing—the AppUse framework—and highlighted its greatest pros and cons. This tool, created by AppSec-Labs, combines many additional tools to perform static and dynamic analysis of an application and the smartphone device that it runs on. Remember, please only use the tools and […]

DevOpsDC: Developing a Continuous Delivery Tool Chain from the Bottom Up

Last week I was able to talk about some of my DevOps experiences at the March 2015 DevOpsDC Meetup. I told the story about how we took a project that was just starting Agile and was deploying a risky release to production every 6 months or so, and over 4+ years brought it to deploying […]

Easy Button for Testing of Mobile Devices and Apps: AppUse

Knowing where to start in the penetration testing world is very difficult and largely inconsistent. With so many options and tools available, simply kicking off a scan of the network can require a considerable time investment. That is even truer in the relatively new world of mobile testing. Please only use the tools and methods discussed on systems that you […]

SecureCI 2014 Q4 Release

Introduction: 2014 was a busy year, but we still managed to get another SecureCI™ released. All tools included in this SecureCI™ release were updated, bringing the bundle up to date and making many tools more user- and out-of-the-box friendly. For those unaware, SecureCI™ is an integrated stack of tools that provides version control, wiki, project/issue […]

Defending Against SSH Brute Force Attacks

Just Trying to Host a Website: So here I am trying to host a personal website once I figured out a little bit about Amazon in 2010. After a month or two of poking around and figuring out how to get the AMI I want running, everything looks fine. I can now self-host all the […]

From Naivety to Negligence

I understand the plight of senior executives, I really do. Most don’t have a software background and that makes it difficult for them to fully understand application security. But when security breaches are caused by basic, simple code vulnerabilities that can be found using readily available tools, it makes me wonder how serious businesses even […]

Using SecureCI Testing Framework for Mobile Devices

One of the new features of the 2013 Q4 SecureCI Release was the inclusion of a testing framework, optimized for web-based browser testing. I’m continuing to make a few updates to the testing framework, but more than anything I’ve been discovering more and more uses for it. I’ve been working in the mobile […]

Mobile Application Testing with Kryptowire

The hunt for a tool to provide you some ability to scan and analyze mobile application code may not be as elusive as the Chupacabra any more. Kryptowire is a security testing tool designed specifically for testing Android and iOS native mobile applications. It provides a simple interface for analyzing source code developed locally […]

What Not To Do With Password Management

As one of our resident security guys, I thought I might write up a quick guide about what not to do with password management. As long as you build a website or web service, at some point you’re most likely going to have to store a password. Unfortunately for many developers out there (in organizations […]
