Blog (Default)

Apr 25th, 2013

Comments: 0
Category: Uncategorized

Can’t we do better than “We use SSL”?

I was reading the security page for another new product today and it struck me how amazingly disappointed I am that we’re still at the stage that the best companies can say about their security is “Trust us we hold all your data securely, and we use military grade SSL” or words to that effect. […]

Apr 25th, 2013

Comments: 0
Category: Uncategorized

B-Sides Pentest Automation Talk

We were at B-Sides London yesterday. It all went really well and had a great turnout. The new venue was good as well. We didn’t get to see too many of the talks unfortunately, as we were delivering a Workshop in the morning and I had my talk in the afternoon. As with most […]

Mar 24th, 2013

Comments: 0
Category: Uncategorized

Three Lines

We’ve decided that the results/recommendations coming out of most of the Internal Security Reviews we do can be summarised in three lines. a) Patch everything. Not just Windows – everything. b) Change default credentials. Don’t leave your main router with creds of admin/admin. c) Get rid of clear text protocols. Ditch telnet for SSH and […]

Mar 21st, 2013

Comments: 0
Category: Penetration Testing

Tools of the trade – USB powered Switches

As a bit of a tech geek I have a tendency to pick up a variety of pieces of hardware and software to see if they’ll be useful on tests.  One of my more successful purchases has been a USB powered Ethernet switch that handles PoE pass-through and has a couple of mirrored ports. It’s pretty compact so it goes easily […]

Mar 19th, 2013

Comments: 0
Category: Uncategorized

Workshop at BSides London

As well as Rory’s talk on pentest automation at BSides London – we will both be doing a workshop “Performing a DIY Security Review”.  It is aimed at IT Professionals and shows the basics of how to prepare for a Security Review (“pentest”).  This is something that is dear to our hearts because writing about […]

Mar 12th, 2013

Comments: 0
Category: Uncategorized

Review of Surface Pro

I just got my Surface Pro a few days ago – albeit I had to import it from the US with the help of a friend over there. I’ve not had it for long so these are initial impressions I will add to later, but so far I am very pleased with it and think it […]

Feb 10th, 2013

Comments: 0
Category: Uncategorized

Request Validation in ASP.NET

We test a lot of ASP.NET web applications.  On about 40% of them, we notice when testing for cross-site scripting that the only thing protecting against it is the framework’s own Request Validation.  In other words, when you enter a basic XSS vector – you get a Yellow Screen warning that your input has been […]