If you’ve ever worked in environments requiring a proxy, reverse proxy, or caching system, you’ve likely heard of Squid proxy. Squid is one of the leading open-source proxy tools with an extensive community and available plugin library. As is the case with many large,...
There is an ongoing tension between corporate cybersecurity and application security. That tension is rooted in both the technical and organizational challenges of keeping both of these environments secure, compliant, and reliable. While many people may view...
Exploiting a SAML Implementation and SAML Vulnerability During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom...
Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you liked this series, I bet you’d be interested in our webinar on How to Think Like A Hacker; check it out! Now on to Part 2: Taking it to the Next...
A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated compliance scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many...
The new PCI-DSS 3.0 has introduced a number of new requirements. While some of the changes, like penetration testing, are getting most of the attention, there are numerous less obvious updates that are equally important. One of the new requirements that is flying...