Blog Archive

2013

Apr 23 2013: Railsberry chronicles: day 2 - The English penetration test (eventually the day I talk to 450+ outstanding developers)
Apr 22 2013: Railsberry chronicles: day 1 - The unerdware experiment
Apr 21 2013: Railsberry chronicles: day 0 - the trip
Apr 19 2013: I don’t care if app is unsecure, it’s friday I’m in love
Apr 17 2013: Being nervous and anxious before a talk
Apr 11 2013: Untold: nobody will make a cinema story over this blog and I’m fine
Mar 18 2013: Happy birthday armoredcode and 4 rails advisories
Mar 12 2013: Creating awareness on an hostile environment
Mar 05 2013: Ruby on Rails cheatsheet: the review
Feb 15 2013: Exploiting SSH weak passwords the ruby way
Jan 23 2013: Is Vulnerability Management a buzz word?
Jan 11 2013: Defending yourself is not a crime
Jan 04 2013: CVE-2012-5664: Sql Injection on Rails… again

2012

Dec 23 2012: codesake engine and two weeks of BDD development
Dec 13 2012: Bypassing HTTP Basic Authentication in PHP application nominated as hacking technique for 2012
Dec 03 2012: Driven by real world task: code reviewing JSP using regular expressions
Nov 30 2012: Use the Nexpose API to automate report generation and download
Nov 21 2012: Crafting an authentication subsystem that rocks for your Padrino application with Omniauth
Nov 20 2012: Untold: Owasp Orizon is died and I’m sad of it
Nov 06 2012: The fragile Internet
Nov 05 2012: Border line between marketing and security features
Oct 28 2012: The hidden pitfalls in automatic source code review
Oct 23 2012: Adding basic authentication support to wpscan
Oct 22 2012: Are web agencies the new security threats in 2013?
Oct 09 2012: Parsing CVSS vector and publishing as API
Oct 08 2012: Pony and the empty emails bug
Oct 04 2012: CFP open for next Owasp Italy Day 2012
Sep 26 2012: The first and last post about codesake.com
Sep 18 2012: When you realize you’re doing threat modeling
Sep 14 2012: Between pentesting and entrepreneurship
Sep 07 2012: They are tracking at you - pt.1
Aug 29 2012: Enabling related post on octopress and Mac OS X
Aug 28 2012: Create an highlight octopress plugin
Aug 27 2012: Lovely tips: string starting with a pattern and timeframe duration like gents
Aug 24 2012: Use the Nexpose API to add a search by IP functionality in your tools
Aug 14 2012: armorize your rack stacktrace for debug purposes
Aug 04 2012: Anti aliasing in ruby attribute assignment and a TDD session
Jul 26 2012: 5 excuses you won’t tell your self for not practicing TDD
Jul 24 2012: Build an API for fun with Grape
Jul 19 2012: Penetration testing with ruby: fingerprinting your target
Jul 16 2012: Fingerprinting CMSes under the moonlight
Jul 11 2012: Which is the most secure programming language ever?
Jul 05 2012: Testing your cookie’s attributes for insecurities using ruby
Jun 27 2012: Some security tips for ruby hackers: leveraging the attack surface: part 2
Jun 15 2012: What I learnt from Italian RubyDay
Jun 13 2012: Some security tips for ruby hackers: leveraging the attack surface. Part 1.
Jun 12 2012: Some security tips for ruby hackers: prelude
Jun 07 2012: LeakedIN and the salt and pepper sauce
Jun 04 2012: CVE-2012-2661: SqlInjection on Rails
May 30 2012: Am I the sandman?
May 23 2012: Ghost in the shell: an exploiting attempt examinated
May 21 2012: H@W #2 - Matteo Parmi: ruby hacker and opensource enthusiast
May 16 2012: Using design by contract and TDD to enforce security: the coat project
May 10 2012: Is Design by contract the solution for safe coding?
May 04 2012: H@W #1 - Simon Bennetts: Owasp Zap Project leader
May 02 2012: Open the code or review it: Oracle CVE-2012-1675
Apr 27 2012: New monothematic posts serie: Hackers @ Work
Apr 26 2012: Bypassing HTTP Basic Authentication in PHP applications
Apr 23 2012: H4F - invisible proxy… casper gem
Apr 17 2012: Understand your risk: disclosing information
Apr 10 2012: Papa don’t breach
Apr 06 2012: H4F - use robots.txt as a weapon with links rubygem
Mar 30 2012: H4F - palco: your Sinatra skeleton builder
Mar 21 2012: Understanding your attack exposure
Mar 19 2012: Even before your secure coding… patch your server
Mar 16 2012: Hello world