WEBCAST: Web App Assessments for Non-Majors
BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]
Brian King
When Infosec and Weed Collide: Handling Administrative Actions Safely
BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]
Towards a Quieter Firefox
Brian King // On a recent webapp test, I got a little frustrated with all the extra HTTP requests showing up in my Burpsuite Proxy History from connections that Firefox […]
GNU Screen Quick Reference
Brian King // I use GNU Screen mainly to prevent processes from dying when I disconnect from an SSH session, but GNU Screen can do a whole lot more than that […]
Certificate Transparency Means What, Again?
Brian King // News from Google this week says that Chrome will start enforcing Certificate Transparency a year from now. https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw This means that when Chrome contacts a website, if […]
AppleTV & nmap -sV
BBKing // So I’m working the other day, and my wife asks me why the TV is on. I don’t know. I didn’t turn it on. But it’s near my […]
Book Review: “Red Team – How to Succeed by Thinking Like the Enemy”
Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it […]
Browser Plugin Oversharing
Brian King // Do you know what that browser plugin is doing? There’s a browser plugin for just about everything. You can find one to change the name of […]
Three Minutes with the HTTP TRACE Method
Brian King // All of our scanning tools tell us that we should disable the HTTP TRACE and TRACK methods. And we all think that’s because there’s something an attacker […]