I came across this article (see link below) not too long ago and it really got me thinking about not only the places where I put my information on the Internet, but the reasons I put my information out there.  Most sites we put our information seem ...

So what is the big deal if a few of my corporate PCs are infected with malware, what’s the worst that can happen? In this post I want to cover what can be done with a compromised PC and why it is a big deal. Many Security Managers minimize the importance ...

While managing Operational Risk for a large IT organization, one of my responsibilities was to work with Corporate Operational Risk to define Key Risk Indicators (KRIs) KRIs were monitored at a corporate level.  We took the easy route by using canned ...

Ready for one last slick web application penetration test trick? In this installment we'll explore a subtle and often overlooked vulnerability related to web application authentication. In response to the login request containing posted ...

If someone knows an easier way to accomplish this, feel free to post and make my life even easier. The "Export WDE Activity" report from the Universal Server is useful if you need to do things like measuring compliance.  Unfortunately none ...

Ready for another cool web application penetration test trick? In this installment we'll cover clickjacking, also known as "UI redressing". Clickjacking is an instance of the classic "confused deputy" problem, and occurs when ...

Performing a web application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work penetration testers hone their methodology and develop efficient ways of applying their ...

Information Technology is radically changing. We can wrap it in terms and buzzwords like cloud, mobility, BYOD, Web 3.0, but the reality is both the sum of and more complex than the names we give it. IT is no longer in the hands of the professionals. ...