The Armored Code
A blog talking about offensive and defensive security and how to craft software in a secure way
Howto crawl web.xml with ruby to discover servlet urls for a pentest
Something very boring happening in a web application penetration test is to reach out URLs that are not referenced in other pages.
05 Sep 2013
Tales from a login page: exploit the form
Last time we introduced the login form as seen on the attacker perspective.
03 Sep 2013
Tales from a login page: intro
During 2013 a lot of websites were defaced. Attackers mostly use SQL injection vulnerable pages to steal data, execute arbitrary commands or make some nasty things common people can’t understand...
08 Aug 2013
Create a quick and dirty web crawler with ruby
A couple of days ago, I was starting a new security activity over a website I never saw before. If you remember a last year post, the first task is...
30 Jul 2013
How to quote a code review
A premise: I don’t trust gantt and fancy IT project managers’ document where every project step fits in a perfect order without dealing with the unpredictable.
29 Jul 2013
When the vulnerability is not the vulnerability itself
In an ideal world, all projects has good management. Projects needs strong decisions and a clear plan that make people able to build something; this is true for a bridge,...
18 Jul 2013
Never miss a
from us, subscribe to our newsletter