The Armored Code
A blog talking about offensive and defensive security and how to craft software in a secure way
Use the Nexpose API to automate report generation and download
In a previous post I talked about the Rapid7 Nexpose vulnerability assessment tool and how you can write some Ruby code to search a server by IP address.
30 Nov 2012
Crafting an authentication subsystem that rocks for your Padrino application with Omniauth
Next time you point your browser to a /login URL, wait a minute before submitting your credentials. There is a complex system you’re going to use when you submit that...
21 Nov 2012
Untold: Owasp Orizon is died and I'm sad of it
In 2006 I started an ambitious project: an open source SAST engine built in Java that I called Owasp Orizon.
20 Nov 2012
The fragile Internet
It was yesterday’s news that Anonymous and other cracker crews attacked and defaced a large number of corporate websites.
06 Nov 2012
Border line between marketing and security features
Performing a web application penetration test is becoming tricky due to modern browsers' native anti-XSS filtering facilities (they only work for reflected cross-site scripting).
05 Nov 2012
The hidden pitfalls in automatic source code review
Disclaimer: this is an in-depth post about pitfalls in security code reviews. A codesake.com focused post is available on the codesake.com blog.
28 Oct 2012