CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
RT @timoreilly: Amazing map showing how the Chilean earthquake's energy is expected to spread through the ocean http://bit.ly/cPFj7D
RT @jeremiahg: RT haha, the "official" XSS patent @psifertex: @jeremiahg @RSnake Fixed it for you: http://bit.ly/bXD7vf <- brilliant!
RT @RSnake: Facebook Patents Social Feeds and I Patent XSS http://bit.ly/96JSZl
XP & Vista support ending http://is.gd/9fcpB Can your existing HW be upgraded? http://is.gd/9fbpG Users that can't, mass pwning to ensue
@djdarkbeat That ctag could be simplified to: define_tag('status',-required='p'); return(action_params->find(#p)->size > 0); /define_tag;
CEOs, Conan and California public teachers: all paid to leave. Why getting rid of bad teachers is near impossible in CA http://is.gd/9dP5B
One final thought from Dawn Song. Leverage those who attack your website as free pentesting, and quickly patch = cost-effective solution!
The paper on Automated Blackbox Testing will be presented at the upcoming IEEE Security + Privacy conference http://is.gd/9dzd9
Kudzu isn't available publicly yet. Jason Bau (Stanford) presented on Automated Blackbox Testing of Webapps. Lots of room for improvement!
The OWASP Bayarea meeting was really interesting. Dawn Song introduced Kudzu, a JavaScript symbolic exec. framework for crawling Web 2.0
RT @ivanristic: OpenSSL 0.9.8m released; first version to support secure renegotiation http://www.openssl.org
RT @jeremiahg: interesting, "Form-based HTTP Authentication Proof of Concept" http://bit.ly/cGjTyo <-- the readme mentions my contribution
RT @honeyapps: Good post from @rafallos on a real world & common case of SQLinjection http://bit.ly/cXdPYZ
RT @chiefmonkey: Blogged "GoDaddy Has My Passwords?" http://it.toolbox.com/trd/46/2/37130/3 <-- root access!
“your money is insured up to $250,000, but they should have an asterisk next to that saying ‘except for businesses’” http://is.gd/95xS0
RT @spinkham: Web Security Dojo 1.0 released. Dojo = tools + targets for learning & training http://dojo.mavensecurity.com #appsec
"Security of Voting Systems" with Ronald Rivest was interesting http://is.gd/8Dsai Many ways to subvert election systems; I found some too.
Using MMORPGs to teach math: "The textbook is perhaps the worst possible medium for teaching mathematics" http://is.gd/91c32
@jeremiahg Imagemagick works too for quick and dirty CAPTCHA breaking http://is.gd/90Hvi
Preliminary IETF 77 meeting agenda http://is.gd/8Z5Ji - httpstate is meeting Tuesday morning, come help us with the next cookie spec