UPDATE: April 2nd - Added new pinning article thanks @an_animal! UPDATE: Feb 14th - Added (draft, initial) forensics section, Added pinning links, thanks @an_animal for most pinning resources! Android Security is like IPv6: It will catch you sooner or later :). It is becoming more common for Web Applications to involve a Mobile Application component. …
An interesting tool for Java source code analysis is OWASP LAPSE Plus. You can see the instructions to set it up on the project's page or here - LapsePlus_Tutorial. OWASP LAPSE Plus requires Eclipse Helios and a number of people who know more than me at stack overflow suggest that you should not install eclipse …
Here are a few links if you want to download the materials from the OWASP OWTF BruCon 2012 workshop that happened last week in Ghent, Belgium: - The slides are now online in slideshare - The demos, code and slides PDF can be downloaded from either of these: The OWTF Project Github page The BruCon …
IMPORTANT: If you are attending the "Introducing OWTF" BruCon workshop on Wednesday please download the latest OWASP OWTF and latest DEMO Report. Thank you! Another round of GIT hell has taught me a couple of things but finally, OWASP OWTF 0.15 is here for your entertainment! OWTF 0.15 "BruCon" is dedicated with special love to …
Background A recent data breach on the LinkedIn database leaked around 6.5 million salted hashes. This ignited a healthy debate in the security community: - Some people said you should only use bcrypt and that salted passwords are useless - It was clear that LinkedIn failed to salt their passwords: This is the immediate worst option …
UPDATE: I will update this blog post with links to the video when available NOTE: Remember there is a Download option in slideshare :). "That was best description of why cross domain policy is bad I've ever heard" - Full props to Robin Wood for those kind words re this talk! There are three versions …
OWTF 0.14 "London" is dedicated with special love to BSides London, its organisers and attendants! Usual background + Disclaimer: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, …
I have had to travel a lot lately and there are some annoying issues I see as I take planes, this blog post combines some tips and tricks I have used successfully with the hope that they may be useful for you too :). Motivation - I do not like to see "first time fliers" …
This is a stability release fixing a number of issues I encountered as I was preparing my demos -1h :)- for HackPra tomorrow. I will try to explain this weird tool a bit better and look forward to your feedback :). OWTF 0.13b "HackPra" is dedicated with special love to HackPra, its organisers and attendants! …
This was my first time speaking at Troopers in Heidelberg (Germany) and I must give a big thank you to the organisers who were really nice and helpful before, during and after the conference. If you attended my talk I would appreciate feedback (positive, negative and/or neutral :)). OWTF 0.13 "Trooper" is dedicated with special …
