All Stories

Is Vulnerability Management a buzzword?

Some days ago, on a group about Italian startups, a smart guy said he had a breakthrough product he was going to develop: a cloud-based solution to store...

Defending yourself is not a crime

When I wrote last week's post incipit, I wasn't aware I was going to make a prophecy about 2013 and application security.

CVE-2012-5664: SQL Injection on Rails... again

2013 is looking promising for application security. Two days ago Aaron Patterson, a Rails core member, announced a SQL Injection vulnerability in the ActiveRecord ORM included in the Rails framework.

codesake engine and two weeks of BDD development

Two weeks ago, I posted an article about a real-world source code security review. Using regular expressions I was able to spot interesting things in JSP files I was...

Bypassing HTTP Basic Authentication in PHP application nominated as hacking technique for 2012

Authentication is a hot topic in application security research nowadays. Last April I posted about a real-world security assessment over a friend of mine's PHP-powered portal.

Driven by a real-world task: code reviewing JSP using regular expressions

Nothing but solving a real-world problem can help a piece of software evolve.