In my previous article, I briefly went over some of the default security testing options available in existing DevOps deployment tools. In this article, I will cover what can reasonably be included in the DevOps pipeline, and a few caveats faced by security engineers who are trying to add security testing into a fully automated …
Tag Archives: InfoSec
Website technology enumeration
I have been deliberating since my last post as to what this post should consist of. I knew I wanted to do some domain and technology footprinting, but there is so much extra stuff that can be included in the post. I have decided to limit the scope, therefore not including the extras (these posts will …
The Internet Archive
The internet has seen many resources come and go since its inception, but where do these resources go when they are long forgotten? I stumbled across the answer (to a certain extent) a while back, and decided to share it. Archive.org is an internet library of web resources, and is a pretty cool website to play …
ITWeb security summit 2013
Hello everyone, I was lucky enough to be able to go to day 2 of ITWeb's security summit. I have always wanted to go and check it out, and so this year was my lucky year. I started off day two by browsing the exhibition, checking out various things on show, before heading off to …
ZaCon IV
ZaCon 2012 was, as always, well worth the attendance. The organisers put together a schedule with presenters from all walks of the hacker domain, ranging from Android vulnerabilities to physical security and hardware hacking. Of particular interest to me were the presentations on game hacking, physical security, Android penetration testing and HTML5 exploits. Video …
Proof reading
So I have been proofreading for Hakin9 magazine for a while now, and today a great opportunity arose in that area. William Stallings has put together a new edition of his book Cryptography and Network Security, and I have been approached to proofread a chapter of it. As a result, I will be …
HTTPS security
HTTPS is a secure layering of the HTTP protocol used for communication over a computer network, most notably on the internet. It achieves this security by using the SSL/TLS protocol, which is the standard as far as securing web applications goes. In particular, HTTPS is used by banks, social networks, live streaming services, …
Session riding
I decided to make this post about web application session riding, known more formally as cross-site request forgery, following a presentation about JavaScript malware done at one of the ISG Durban meetings. There are many ways in which a web application can be designed insecurely, and many more ways in which to exploit them. …
First post, ZaCon III report back
I have finally decided to get my act together and begin posting on my blog. Albeit still in need of a great deal of design work, I will make this post and make good on design promises soon. So to kick off the blog, I will report back on the ZaCon III InfoSec conference (www.zacon.org.za) …