All Stories

codesake engine and two weeks of BDD development

Two weeks ago, I posted an article about a real-world source code security review. Using regular expressions I was able to spot interesting things over JSP files I was...

Bypassing HTTP Basic Authentication in a PHP application nominated as a hacking technique for 2012

Authentication is a cool topic in application security research nowadays. Last April I posted about real-world security assessment activities over a friend of mine's PHP-powered portal.

Driven by a real-world task: code reviewing JSP using regular expressions

Nothing but solving a real-world problem can help a piece of software evolve.

Use the Nexpose API to automate report generation and download

In a previous post I talked about the Rapid7 Nexpose vulnerability assessment tool and how you can write some Ruby code to search for a server by IP address.

Crafting an authentication subsystem that rocks for your Padrino application with Omniauth

Next time you point your browser to a /login URL, wait a minute before submitting your credentials. There is a complex system you're going to use when you submit that...

Untold: OWASP Orizon is dead and I'm sad about it

In 2006 I started an ambitious project, an open-source SAST engine built in Java that I called OWASP Orizon.