- feeds
- popular
- recent
- reader
- about
- story
- technologies
- what is rss
- connect
- dmca
- contact
- Feed Preview tssci-security
Decoding and Tampering Protobuf Serialized Messages in Burp
If you've ever assessed or poked at an application that uses Google Protocol Buffers , you know how painstaking the whole process can be. When you're lucky enough to have a corresponding .proto, ...
web2py: Key as Initialization Vector
It's not uncommon for developers to accidentally (or purposefully) commit passwords or other information supposed to remain secret into revision control. It's also not uncommon to see RSA private...
http://www.tssci-security.com/archives/2013/02/21/web2py-key-as-initialization-vector
Projects
JYTHON BURP API Jython Burp API is a framework for developing Burp extensions in Jython. Jython Burp API on GitHub Extending Burp with Jython Burp API PYTHON-PADDINGORACLE python-paddingora...
Extending Burp with Jython Burp API
Last year, I released the Jython Burp API , a plugin framework to Burp that allows running multiple plugins simultaneously, exposes an interactive Jython console, provides Filter -like functional...
http://www.tssci-security.com/archives/2013/02/14/extending-burp-with-jython-burp-api
Pentesting Flex
I've posted an entry over on my employer's blog on Penetrating Intranets through Adobe Flex Applications . I've also released a new tool along with it, called Blazentoo. This tool exploits insecu...
http://www.tssci-security.com/archives/2010/03/18/pentesting-flex
What makes a solid security program?
In my most recent post, I identified the direction and state-of-the-art in application security. We all know of the importance of application security in today's environments. However, finding ou...
http://www.tssci-security.com/archives/2009/07/28/what-makes-a-solid-security-program
Blackhat USA 2009 / Defcon 17
It's that time of year again, where we all come out of hiding and meet in Sin City to cause nothing but trouble. The brave venture out into the scorching hot sun during the day and some even dare...
http://www.tssci-security.com/archives/2009/07/27/blackhat-usa-2009-defcon-17
Appsec industry trends - looking forward
Recently, it has come to my attention that industry people I respect (and vice versa) have desired me to re-post some comments I've made on other blogs. It's also high-time that we at TS-SCI/Se...
http://www.tssci-security.com/archives/2009/07/25/appsec-industry-trends-looking-forward
Virtual appliances for the security professional
VIRTUAL INFRASTRUCTURE SECURITY FACTS The number of virtual servers will rise to more than 1.7 million physical servers by 2010, resulting in 7.9 million logical servers. Virtualized servers will...
http://www.tssci-security.com/archives/2009/03/18/virtual-appliances-for-the-security-professional
Web application security incident handling
I thought I'd take a moment to post about some web security tools I use pretty often, which help as a security consultant when responding to various web hacking related incidents. These tools hav...
http://www.tssci-security.com/archives/2009/02/23/web-application-security-incident-handling