Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in two-decade-old Bash code. How could open source software be vulnerable for so long? This episode looks at how open source projects have for the most part gone untested over time.
In part three of the series, I will discuss the role of test and evaluation in your organization.
To All The Tools I’ve Loved Before: The Commitment Phobe (Open Source Fuzzers)
Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of break-up letters.
Vulnerabilities can be inherited through your software supply chain, and it’s more common than we may like to admit.
To All The Tools I’ve Loved Before: The Selfish One (IAST)
Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of break-up letters.
The Hacker Mind Podcast: The Gentle Art of Lockpicking
What is the allure of lockpicking at hacker conferences? In this episode Deviant Ollam explains why these mechanical puzzles remain popular with hackers. Ollam, who was an early member of Toool, The Open Organization of Lockpickers, discusses his career as a physical pen tester and also provides some basic lockpicking tips.
Part one of a three-part series. Applications contain hundreds of code components. Applications are constructed similarly to automobiles: parts are sourced from multiple vendors to produce software that is then used by the consumer.
To All The Tools I’ve Loved Before: The Liar (SAST)
Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of break-up letters.
Some may remember NCSA HTTPd, a predecessor to Apache. However, what they might not know (but won't be surprised by!) is that it had plenty of bugs. Let's dive in and reproduce a classic command injection with fuzzing!