Look too much into the Sun (Tzu) and you will be blinded

You can’t go to a security conference nowadays and not hear at least 700 references to Sun Tzu and his writing, The Art of War. And how important and relevant that book is to the world of Information Security. But let’s not limit our focus to the InfoSec guys. Life coaches (whatever they are) are abusing… Continue reading Look too much into the Sun (Tzu) and you will be blinded

The revised and compressed OWASP Top 3 Web Application Vulnerabilities

I love Top 10s. They’re everywhere and about everything: Top 10 Fascinating Facts About Neanderthals, Top 10 Crazy Bridal Preparation Customs, Top 10 Alleged Battles Between Humans And Aliens, etc. But my question was always: why 10? Why not 11? Or 9. Or whatever else? I guess 10 sounds more important than 11 or 9. It’s the decimal system, 10… Continue reading The revised and compressed OWASP Top 3 Web Application Vulnerabilities

http vs https performance

A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication… Continue reading http vs https performance

OWASP Romania

If you are an English speaker, well, this is a post announcing and promoting the Romanian Chapter of OWASP. You can join your local chapter or the global effort of OWASP to improve information security. ### OWASP (The Open Web Application Security Project) are acum deschisa o organizatie locala si in Romania. Suntem in cautare de noi… Continue reading OWASP Romania

Techniques to play with custom and encrypted protocols

An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrik Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients… Continue reading Techniques to play with custom and encrypted protocols