Profiting From Business Logic Flaws

Published: August 8th, 2008 | Category: Security Conferences | (0) Comments

Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called ‘Get Rich or Die Trying - Making Money on The Web, The Black Hat Way’. They went over several real-world examples of business logic flaws, and in some cases profited (a lot) from those flaws.
The Get [...]

Web Application Security Survey Results

Published: July 26th, 2008 | Category: Vendor News | (0) Comments

A couple weeks ago, Jeremiah Grossman put together a survey for web application security professionals, and now the results are posted. There were 17 questions, ranging from your general background to rating web vulnerability scanners. There were some funny questions like the HackerSafe one… Safe from Hackers, Safe for Hackers, or Other?
Jeremiah also posted [...]

SANS WhatWorks Summits

Published: June 10th, 2008 | Category: Security Workshops | (0) Comments

Last week SANS held two WhatWorks summits in Las Vegas. One covered penetration testing and ethical hacking, and the other covered web application security.

Jeremiah Grossman was the keynote speaker for the web application security summit, and he posted his post-summit thoughts on his blog.
The format favored enterprise speakers rather than experts, which made it [...]

Hack in the Box: Dubai

Published: April 24th, 2008 | Category: Security Conferences | (1) Comment

Last week was the Hack in the Box conference, this time in Dubai. I wish I could have been there, but it's a bit hard for me to justify the international travel costs. But the speaker lineup and topics looked awesome, covering things like GSM cracking, Windows token kidnapping, and Medeco M3 cracking.
Speaking of [...]

Session Impressions @ RSA

Published: April 12th, 2008 | Category: Security Conferences | (0) Comments

I thought I had an excellent plan when attacking the massive number of RSA sessions available. My plan was to attend the sessions unique to RSA, mainly the business sessions, because I already attend a handful of technical security conferences throughout the year. Here is my original RSA schedule, and I none of them [...]

Infosec Events. Copyright 2008. All Rights Reserved.