All Stories

Use the Nexpose API to automate report generation and download

In a previous post I talked about the Rapid7 Nexpose vulnerability assessment tool and how you can write some Ruby code to search for a server by IP address.

Crafting an authentication subsystem that rocks for your Padrino application with Omniauth

Next time you point your browser to a /login URL, wait a minute before submitting your credentials. There is a complex system you're going to use when you submit that...

Untold: OWASP Orizon is dead and I'm sad about it

In 2006 I started an ambitious project, an open-source SAST engine built in Java that I called OWASP Orizon.

The fragile Internet

It was yesterday's news that Anonymous and other cracker crews attacked and defaced a large number of corporate websites.

Border line between marketing and security features

Performing a web application penetration test is becoming tricky due to modern browsers' native anti-XSS filtering facilities (they only work for reflected cross-site scripting).

The hidden pitfalls in automatic source code review

Disclaimer: this is an in-depth post about pitfalls in security code reviews. A focused post is available on blog