What is Compliance Automation?

The newest word on the market is Compliance Automation. But what exactly is Compliance Automation? Well, let’s start with what Compliance Automation is NOT.

Owning SAML

Exploiting a SAML Implementation and SAML Vulnerability During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom authentication mechanism our client developed out of a need to support their customers. With a bit […]

The NGFW is Dead

Let’s get this out of the way: the next-generation firewall (NGFW) is dead. The cause of death: cloud. However, this is not an execution, rather a slow, decline into irrelevance in the face of a more agile competitor. The shroud of death and decay are all around the NGFW products. They are bloated, expensive, and […]

A Study in Exploit Development – Part 1: Setup and Proof of Concept

A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated compliance scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we discover vulnerabilities with publicly available exploits. This can sometimes result in a complete domain compromise. Other […]