Brucon Archives - 7ASecurity Blog

Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ]

Admin — Tue, 03 Sep 2019 00:19:16 +0000

Previous blog posts you might have missed and maybe you would like to read first for background: Part 1: Intro Part 2: Translating APKs The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-1: Data is encrypted on the network using …

The post Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ] appeared first on 7ASecurity Blog.

OWTF 1.0 “Lionheart”: Brucon 5×5 video, slides and more

Admin — Wed, 15 Oct 2014 19:46:00 +0000

REMINDER: We just released OWTF 1.0 “Lionheart”, Please try it and give us feedback! Just a quick note to say that the materials used by the OWTF Crew during the Brucon 5×5 presentations are now online: Slides here: brucon-2014-5by5-owasp-owtf OWTF 1.0 “Lionheart” – Brucon 5×5 Video: Talk structure and higher resolution demos (From minute: 0) Introduction to OWTF and discussion of the Web …

The post OWTF 1.0 “Lionheart”: Brucon 5×5 video, slides and more appeared first on 7ASecurity Blog.

OWTF 1.0 “Lionheart” to be presented @Brucon

Admin — Thu, 25 Sep 2014 14:00:00 +0000

Why wait? Download OWTF 1.0 “Lionheart” now! 😉 Just a quick note that the OWTF Crew will be presenting part of what is coming on OWTF 1.0 “Lionheart” during the Brucon 5×5 presentations: When: Friday September 26, 2014 13:00 – 15:00 Where: 5 La Trappe (Novotel Ghent) – Brucon, Ghent, Belgium, Europe 🙂 OWTF talks …

The post OWTF 1.0 “Lionheart” to be presented @Brucon appeared first on 7ASecurity Blog.

VSA: The Virtual Scripted Attacker, Slides online

Admin — Wed, 20 Feb 2013 12:41:00 +0000

At Brucon 2012 I had the privilege to present and demo VSA, the Virtual Scripted Attacker, a tool I had been working on with a great team of very talented people for a number of months. The talk was only 5 minutes long (a Lightning talk) so the presentation is brief. VSA is the first …

The post VSA: The Virtual Scripted Attacker, Slides online appeared first on 7ASecurity Blog.

BruCon 2011 Lightning Talk winner slides, experience and some pics

Admin — Fri, 02 Dec 2011 02:06:00 +0000

I would like to use this opportunity to thank everybody that voted my lightning talk “Web app testing without attack traffic” as the “BruCon 2011 Lightning Talk winner”. I only had 5 minutes so I had to take out many things I wanted to cover, for this reason, I have significantly expanded this talk (106 slides …

The post BruCon 2011 Lightning Talk winner slides, experience and some pics appeared first on 7ASecurity Blog.

Testing Web apps without attack traffic

Admin — Mon, 12 Sep 2011 23:00:00 +0000

I will be giving a lightning talk at Brucon next week. My goal is to give a quick overview on the vast amount of tests possible before you have permission to test a target. This is particularly useful if you are given a short test window but you are willing to put the extra effort …

The post Testing Web apps without attack traffic appeared first on 7ASecurity Blog.