tssci-security
top secret/secure computing information
Decoding and Tampering Protobuf Serialized Messages in Burp
If you've ever assessed or poked at an application that uses Google Protocol Buffers, you know how painstaking the whole process can be. When you're lucky enough to have a corresponding .proto, ...
web2py: Key as Initialization Vector
It's not uncommon for developers to accidentally (or purposefully) commit passwords or other information supposed to remain secret into revision control. It's also not uncommon to see RSA private keys indexed by ...
Extending Burp with Jython Burp API
Last year, I released the Jython Burp API, a plugin framework to Burp that allows running multiple plugins simultaneously, exposes an interactive Jython console, provides Filter-like functionality, and eases developing plugins at ...
What makes a solid security program?
In my most recent post, I identified the direction and state-of-the-art in application security. We all know of the importance of application security in today's environments. However, finding out where to fit ...
Appsec industry trends – looking forward
Recently, it has come to my attention that industry people I respect (and vice versa) have desired me to re-post some comments I've made on other blogs. It's also high-time that we ...
Virtual appliances for the security professional
Virtual Infrastructure Security Facts: The number of virtual servers will rise to more than 1.7 million physical servers by 2010, resulting in 7.9 million logical servers. Virtualized servers will represent 14.6% of ...
Web application security incident handling
I thought I'd take a moment to post about some web security tools I use pretty often, which help as a security consultant when responding to various web hacking related incidents. These ...

