Introducing the iOS Reverse Engineering Toolkit

It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating the same manual tasks for each test. Typing out the same commands to run various tools that are required to help […]

Managing Flaw Review with a Large Multi-vendor Application

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams that are typically responsible for self-contained, homogeneous applications. However, in a large enterprise there exist applications which are developed by […]

A Geek Eye On The Car Guy?

We don’t know what the world will look like when everybody drives a ‘connected car.’ But that shouldn’t keep us from making it clear who is responsible for the integrity of the software they run. Some of the biggest and most exciting technological transformations anywhere are taking place in the auto industry. Long a technology […]

Security Headers on the Top 1,000,000 Websites: March 2014 Report

The March 2014 report is going to be a bit different than those in the past. This is primarily due to architectural changes that were made to get more precise data in less time. Additionally, a lot of work has been done to automate generation of these reports so they can be released more often. […]

Guidelines for Setting Security Headers

As part of our Alexa Top 1 Million Security Headers post series (Nov 2012 – Mar 2013 – Nov 2013), it is not uncommon to have to go back and re-read specifications to determine which header values are valid. While there are numerous sites that detail the various headers and what they do, there isn’t a […]

RSA Perspective: Is It Time For A Cyber Safety Board?

We have government agencies to monitor the safety of cars, roads, bridges and air travel. What’s so special about cyber? If you caught the headlines last week, you might have read about the developing scandal over a fatal problem with ignition switches in General Motors cars. The automaker has been forced to recall 1.37 million […]

Are You Ready for the Inevitable Question on Software Security?

Independent software suppliers need to recognize the tide of change that is coming from their largest enterprise customers. Over the course of 2013, I witnessed a shift in security. As we learned about government surveillance and suffered through credit card replacements as a result of the Target Breach, questions of security have come to the […]

Stuck in the Cold: Not ALL the Cool Kids go to RSA

So once again, I’m not attending RSA. While my counterparts are working our booth in their new Veracode kicks, and meeting with customers, I’m perusing the RSA conference videos and podcasts for interesting things to read. The Risk and Responsibility in a Hyper-Connected World podcast got my attention – mostly because it promised some research: “Findings and perspective […]

Reversing Kony JavaScript iOS Applications

Researched by William Spires and Stephen Jensen. That Was Then, This Is Now. Just five short years ago, if you wanted to create an iOS application, you had to either take a crash course in Objective-C programming or hire someone to create the application for you. It was truly the beginning of a mobile revolution, […]

When is a Security Breach Not a Security Breach?

UK supermarket giant Tesco was in the news recently for the wrong reasons after details of 2,240 customer accounts appeared on Pastebin. Tesco moved quickly to suspend the accounts in question, but an unlucky few did have store vouchers stolen; not to mention email addresses and passwords on display for the world to see. This […]
