When you have finished your testing and collected all the evidence, it is time for the report. The report exists expressly to make it easier for the development team to fix the bugs. A lot of people don't like reporting. I am distinctly not one of those people....
Read More
Testing an application for vulnerabilities is just like testing an application for meeting the business...
Read More
Not too long ago, I was asked to do a technical interview for a set of tests. This isn't unhea...
Read More
A fun tool that finds weak Active Directory passwords, and then notifies the user.
https://github.co...
Read More
Pwn2Own had some interesting browser vulnerability results:
https://www.zerodayinitiative.com/blog/2...
Read More
Surprisingly good article from the BBC about firmware attacks
https://www.bbc.com/news/business-5667...
Read More
Guess who forgot to do a newsletter last week?
Cool file upload attack to get access to SSH u...
Read More
Happy pi day!
Missive on the insecurity of C as a programming language.
https://daniel.haxx.s...
Read More
This is a pop culture article about why mobile applications can be insecure (from Wired) but it is we...
Read More
Portswigger published their Top 10 Hacking Techniques for 2020.
https://portswigger.net/research/top...
Read More
Microsoft has some guidance for containers using .NET
https://devblogs.microsoft.com/dotnet/staying-...
Read More
Apparently I failed to publish last week. Sorry about that.
Rolling shellcode from objects in...
Read More