A recent email by Dave Aitel to the Dailydave mailing list on pen testing web servers inspired me to publish a short but simple script. I like to keep things simple when I write scripts, following the Unix philosophy of doing one thing and doing [...]
Posted by Marcin on Wednesday, December 31, 2008 in Code and Security.
This week, I was doing an internal penetration test of a web service for a client; the service is used by applications loaded on kiosk machines around the country. I didn't have much time to do the test, so I had a couple of advantages, like having network access [...]
Posted by Marcin on Sunday, December 14, 2008 in Code, Security and Work.
Last week, Richard Bejtlich reviewed "Nmap in the Enterprise," and for the most part was disappointed with its lack of enterprise context. My last script, tissynbe.py, parsed Nessus results in nbe format and inserted them into a MySQL database. [...]
Posted by Marcin on Sunday, June 15, 2008 in Code and Security.
Today I am going to cover the topic that is most important to me: software security. When I talk about "software security", I refer to the process of building applications -- the artifacts, components, and capital that go into making a polished [...]
Posted by Dre on Thursday, May 29, 2008 in Code, Defense and Security.
I mentioned in previous posts that I had been working with Nessus -- I used it a lot. At the end of the engagement, we had almost a gigabyte of Nessus data saved in nbe format. So, to quickly go through and analyze all the results, inserting them into a [...]
Posted by Marcin on Friday, May 23, 2008 in Code and Security.