A few weeks ago, Cisco released their 2008 Annual Security Report. Registration is required to download the presentation. The Cisco Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and October 2008, and provides a snapshot of the [...]

Version 3 of the OWASP testing guide is now available! This project’s goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues. Thanks to all that put in the [...]

Last month we noted that the Black Hat Japan 2008 presentations were available, and today we noticed that the audio for those presentations are online as well at the Black Hat Japan 2008 archives. Below are links to the audio. Black Ops of DNS 2008: Its The End Of The Cache As We Know It [...]

Several presentations from the Australian security conference RUXCON are now online. Saturday Presentations Attacking Rich Internet Applications by Kuza55 and Stefano Di Paola GPU Powered Malware by Daniel Reynaud Attacking the Vista Heap by Ben Hawkes SCADA: Hacking Modbus Enabled Devices by Daniel Grzelak Enterprise Security, Softer than the foam on my Frappuccino by LUMC [...]

This post is part of the security training review project, and was guest blogged by Jim O’Gorman. This last summer I was given the opportunity to take the Offensive Security 101 course. I came across it on accident while looking for some training that I could do without travel and that was reasonably priced. When [...]

The Browser Security Handbook is now online for everyone to read. This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several [...]

This post is part of the information security communities project. If you are a security professional and happen to be in Kansas City, here are a few local groups to get your fix of security knowledge. Cowtown Computer Congress Kansas City (CCCKC) – CCCKC is a grassroots organization of tinkerers, hackers, explorers, artists, inventors and [...]

While at ToorCon X, I had the opportunity to attend the ‘Crash Course In Penetration Testing’ workshop by Joe McCray and Chris Gates. I have heard of them before; Chris from the Carnal0wnage blog, and Joe from Learn Security Online. But how much could a crash course in penetration testing be actually taught in two [...]

I promised this list to Rob (mubix) Fuller a while ago, and I finally got around to compiling it. So here is the list of tools that were talked about at ToorCon X, organized by presentation. Targeted VoIP Eavesdropping: An Attack From Within VoIP Hopper X Test UC Sniffer ACE – Automated Corporate Enumerator One [...]

Here are the information security events in North America this month: Workshop on the Analysis of System Logs – December 7 in San Diego SC World Congress – December 9-10 in New York And here is the list of information security events around the world: ClubHack2008 – December 6-7 in India European Conference on Computer [...]