Unfortunately, one of the many concerns keeping IT and Security management up at night is wondering how a disgruntled system administrator (either current or former) may act maliciously. For Administrators to be able to...

The answer: Both… if you want optimized coverage.

Most organizations have countless software applications they need to secure, but strict budgets and resources to do so. To ensure the right breadth and depth of test...

In this five-part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, oracles, and ...

Fifty years ago, high atop Launch Complex 34 at Cape Canaveral, a spark caused by faulty wiring ignited flammable materials in the pure oxygen environment inside the Apollo 1 capsule during a "plugs out" test. Astronauts...

At Security Innovation, our tech-enabled services leverage dozens of internally developed scanners, parsers, scripts and other tools to make our software security testing more efficient. However, authorization testing...

As part of Security Innovation's internship program, I spent a month conducting extensive research on Android malware; in particular, the automated analysis of malware for the purpose of uncovering insights that can help...

In this five-part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, and oracles. Today...

In this five-part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices and bad implementation. Today we'll be...

Issues with SSL and TLS are seemingly commonplace these days. In my previous post, I discussed many of the vulnerabilities that I've come across in the last few years conducting software security assessments for our...

With all the SSL/TLS bugs that seem to come out every month nowadays, as a security penetration tester it's hard for me to remember which bug causes what, how hard the exploit is, and what needs to be done to fix it. Over...