If you've ever assessed or poked at an application that uses Google Protocol Buffers, you know how painstaking the whole process can be. When you're lucky enough to have a corresponding .proto, ...
It's not uncommon for developers to accidentally (or purposefully) commit passwords or other information supposed to remain secret into revision control. It's also not uncommon to see RSA private...
http://www.tssci-security.com/archives/2013/02/21/web2py-key-as-initialization-vector
JYTHON BURP API: Jython Burp API is a framework for developing Burp extensions in Jython. (Jython Burp API on GitHub; Extending Burp with Jython Burp API.) PYTHON-PADDINGORACLE: python-paddingora...
Last year, I released the Jython Burp API, a plugin framework to Burp that allows running multiple plugins simultaneously, exposes an interactive Jython console, provides Filter-like functional...
http://www.tssci-security.com/archives/2013/02/14/extending-burp-with-jython-burp-api
I've posted an entry over on my employer's blog on Penetrating Intranets through Adobe Flex Applications. I've also released a new tool along with it, called Blazentoo. This tool exploits insecu...
http://www.tssci-security.com/archives/2010/03/18/pentesting-flex
In my most recent post, I identified the direction and state-of-the-art in application security. We all know of the importance of application security in today's environments. However, finding ou...
http://www.tssci-security.com/archives/2009/07/28/what-makes-a-solid-security-program
It's that time of year again, where we all come out of hiding and meet in Sin City to cause nothing but trouble. The brave venture out into the scorching hot sun during the day and some even dare...
http://www.tssci-security.com/archives/2009/07/27/blackhat-usa-2009-defcon-17
Recently, it has come to my attention that industry people I respect (and vice versa) have desired me to re-post some comments I've made on other blogs. It's also high time that we at TS-SCI/Se...
http://www.tssci-security.com/archives/2009/07/25/appsec-industry-trends-looking-forward
VIRTUAL INFRASTRUCTURE SECURITY FACTS The number of virtual servers will rise to more than 1.7 million physical servers by 2010, resulting in 7.9 million logical servers. Virtualized servers will...
http://www.tssci-security.com/archives/2009/03/18/virtual-appliances-for-the-security-professional
I thought I'd take a moment to post about some web security tools I use pretty often, which help as a security consultant when responding to various web-hacking-related incidents. These tools hav...
http://www.tssci-security.com/archives/2009/02/23/web-application-security-incident-handling