Railsberry chronicles: day 2 – The English penetration test (eventually the day I talk to 450+ outstanding developers)
Finally the day I gave the talk has arrived and it’s gone. Going on stage in front of more than 450 talented developers was an astonishing experience. It drove me crazy. My spoken English has limits on its own, but in front of such a crowd I seemed to be ...
Railsberry chronicles: day 0 – the trip
I’m too tired, even for rest. It’s a sunny Sunday afternoon here in Cracow and I’m in my hotel room writing this post. This night was almost sleepless so I had the need to recover a bit. In Poland for the second time. It’s fun. When I arrived at the ...
I don’t care if the app is insecure, it’s Friday I’m in love
A month ago I opened a “one question only” survey on SurveyMonkey. I asked “Why don’t you make any web application penetration test when I deploy a new web application (or a new feature)?” I collected 41 answers after advertising the poll on LinkedIn, Facebook and Twitter. I asked ...
Being nervous and anxious before a talk
It happens every time I have to deliver a talk. Some days before, my anxiety-meter level goes out of scale. It will last until slide number 4, when I will recall that all the attack stuff I will show during the speech is not intended to be used by ...
Untold: nobody will make a movie out of this blog and I’m fine
Julie Powell is an American writer who created a blog back in 2002. She wrote about an American woman who lived in Paris in 1949-or-something and who changed the American cooking scene by writing a book (in English) about nouvelle cuisine. Starting from the blog, she wrote a book and eventually, this story ...
Happy birthday armoredcode and 4 Rails advisories
It was a year ago when I started the armoredcode.com project. The goal, it’s useful to recall it, is to talk to developers about application security. And this evening there are three new security advisories for the Ruby on Rails MVC framework. Is Rails under attack? Yesterday, @tenderlove reported 4 ...
Creating awareness in a hostile environment
With a colleague we were wondering about how difficult it is to create an application security awareness climate in a big corporate development team. Please bear in mind that since I’m working in Italy my experience is very much narrowed to my country. If you have different stories to tell, please drop ...
Ruby on Rails cheatsheet: the review
Jim Manico is a friend and a renowned security professional. He announced on the OWASP mailing list that a Ruby on Rails cheatsheet is available. I asked Jim to introduce himself. Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness ...
Exploiting SSH weak passwords the Ruby way
Even before you start writing complex input filters to manage your users’ input, you must care about the passwords you use on your servers. If they are poor, no application security on Earth would save you against a break-in. Scenario: You are pentesting your customer’s network. A lot of servers are ...
Is Vulnerability Management a buzz word?
Some days ago, on a Facebook.com group about Italian startups, a smart guy said he had a breakthrough product he is going to develop: a cloud-based solution to store people’s sensitive health-related information. As a wise appsec guy I asked him something about how he is going to protect customers’ ...