The Cloud is a Scary Place
Security flaws such as XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such as PayPal, Facebook, Mozilla, Google, and Twitter. But with bug bounties in place, the opportunity to discover security vulnerabilities can offer significant gain for white hats all over the world.
SQL Invader is a free tool from NT OBJECTives that gives you the ability to quickly and easily exploit or demonstrate SQL Injection vulnerabilities in web applications.
“White Hat” Hackers Gather in Houston to Talk Strategy
The 3rd annual HouSecCon took place this week. With attendance up 40% from 2011, it was exciting to be a part of this growing event. I was invited to speak again this year. My topic, “Get off your AMF and don’t REST on JSON”.
My mobile web app sec-related talk happened to go over really well at the conference. So well, in fact, that the local FOX 26 News highlighted the current state of mobile web application security in their 5 o'clock broadcast.
Can Science Stop Crime?
University of Washington computer scientist Tadayoshi Kohno (@yoshi_kohno) will be featured in PBS’s NOVA scienceNOW on Wednesday (October 17) for his work that shows how easy it is for someone to hijack not just your laptop but your kids’ toys, medical devices, even your car.