Blog Archives

Apr 12th, 2016

Comments: 0
Category: Uncategorized

Testing in Live Environments

It seems pretty obvious that carrying out web application testing in a live production environment is in general a bad idea. Exactly how bad an idea depends on the nature of the site, but considering that many testing functions involve deliberately creating data which is either badly formatted, or is in a location where it […]

Mar 23rd, 2015

Comments: 0
Category: Uncategorized

How to get rid of all those pesky mediums….

I’m being slightly disingenuous here, but it often occurs to me that there would be a very quick way to get rid of the vast majority of medium severity vulnerabilities generated by scanners… Disable HTTPS and revert everything to clear text. At one stroke you get rid of SSLv2, SSLv3, weak ciphers, RC4, FREAK, BEAST, […]

May 12th, 2014

Comments: 0
Category: Uncategorized

Web Application Testing Workshop

We did our Workshop on testing Web Applications at Scottish Ruby Conf today. This took place at Crieff Hydro and was targeted at Ruby developers and other people who are keen on the language. It is the fifth year of the conference this year and Rory has taken part in all of them. The workshop […]

May 19th, 2010

Comments: 0
Category: Uncategorized

Interesting Example of Cloud Computing Risks

One of the aspects of the move to cloud computing I find most interesting is the new and emergent risks that come with the move of services from a traditional networked IT environment, to being hosted “out in the open” of the cloud. Whilst attention gets paid to some of the technical risks, I don’t […]

Apr 1st, 2010

Comments: 0
Category: Ruby On Rails

Scottish Ruby Conference follow-up – 2 – Securing your app.

Most of the questions I got after my talk were around how people can look to secure their application. I mentioned a couple of sites and it’s probably worth expanding on the points made. Web Application Security For people looking to understand how to secure their web applications, in my opinion the best source of […]

Mar 26th, 2010

Comments: 1
Category: Metasploit

Scottish Ruby Conference & Breaking things with Ruby

Just had the first day of the Scottish Ruby Conference. The venue was awesome, there’ll doubtless be lots of good pictures up on places like Flickr in due course, but here’s a couple I snapped with my Nokia N900. The three track rooms were the Conference Hall, the Great Hall and my personal favourite the […]

Feb 15th, 2010

Comments: 0
Category: Uncategorized

Scottish Ruby Conference

If you’ve not already heard about it, the Scottish Ruby Conference is coming up in March in Edinburgh. There’s a really interesting set of presentations lined up for this year’s conference, and the hardest thing, I reckon, will be picking between the three tracks! I’ve been very lucky to get my talk accepted for this […]

Jan 4th, 2010

Comments: 0
Category: Uncategorized

Ruby SSL Checker

After reading a post by Gursev Kalra here, I decided to have a shot at putting together a slightly expanded version of his SSL cipher suite checking code in Ruby. I’ve got it working reasonably well in my tests and it can chuck out reports in text and XML. The code for the main […]

Dec 31st, 2009

Comments: 0
Category: Uncategorized

… And we’re back

So, we’re back from a bit of an unscheduled break for my web server. The hosting company had a bit of a problem with disks, so my VM has been out of action for a week or so. Luckily, my backups worked pretty well so minimal content lost. I’m using the rather unorthodox backup over […]

Dec 20th, 2009

Comments: 1
Category: Uncategorized

Nokia N900 – Ultimate Hackers Phone?

I got a Nokia N900 the other week and I’ve started playing around with the software. At heart it runs Maemo Linux which is based on Debian, so in theory any software that runs on Debian should run on the phone! Also unlike other smart phones which can be coaxed into running Linux, the […]