Google Safe Browsing API - Google has put together a really cool API that allows developers to query their database of suspected malware and phishing sites.
Using SQLMap for Automated Vulnerability Assessment - Vulnerability assessors and code auditors are often faced with situations where a large volume of code needs to be audited quickly to enable a deployment.
Defending Web Applications with PHPIDS - PHPIDS is a very intriguing project that mimics the functionality of much more involved intrusion detection systems.
SEI Advanced Incident Handling - Day 5 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
SEI Advanced Incident Handling - Day 4 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
SEI Advanced Incident Handling - Day 3 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
SEI Advanced Incident Handling - Day 2 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
SEI Advanced Incident Handling - Day 1 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
Educause Security 2009 - It's interesting to see a security conference so heavily focused on privacy, but identity theft is the intersection of privacy and security.
Review of Chained Exploits by Whitaker, Evans and Voth - Academic fields are severely limited by the vocabulary available to discuss issues and the "chained exploit" is sure to become a mainstay in the discourse of information security.
OSSEC Version 2.0 Released - OSSEC is a wonderful open source host based intrusion detection tool that can greatly enhance your server security.
InfoSec Institute Ethical Hacking Day 4 & 5 - I've just finished InfoSec Institute's Ethical Hacking class (http://www.infosecinstitute.com/courses/ethical_hacking_training.html). The last two days were so hectic that I didn't even get a chance to blog about them as I would have liked.
InfoSec Institute Ethical Hacking Day 3 - Day three of ethical hacking didn't end until about 7 PM and with the CPT exam scheduled for the end of day four I didn't get a chance to blog.
InfoSec Institute Ethical Hacking Day 2 - I've just finished the second day of InfoSec Institute's Ethical Hacking class (http://www.infosecinstitute.com/courses/ethical_hacking_training.html)
InfoSec Institute Ethical Hacking Day 1 - I've just finished the first day of InfoSec Institute's Ethical Hacking class (http://www.infosecinstitute.com/courses/ethical_hacking_training.html).
Samurai Web Testing Framework - he Samurai Web Testing Framework is a bootable Linux CD that contains numerous tools specifically designed for web application penetration testing and vulnerability assessment.
First Looks at Google Chrome - This week Google entered the web browser wars with a vengeance, releasing their own web browser, dubbed Chrome, as a free beta.
OSSEC HIDS 1.6 Released - On September 1, OSSEC announced the release of the latest version of the OSSEC-HIDS tool (version 1.6).
OWASP Releases DirBuster 0.11.1 - Two days ago OWASP announced the release of a new version of their DirBuster tool. DirBuster is a Java based web application scanner.
SanDisk Sansa Clip Annoyances - Problem was I plugged it into my XP laptop and it was recognized as a new USB device, but it wouldn't show up in my 'My Computer' menu.
CEPT Practical - The Certified Ethical Penetration Tester (CEPT) certification is sponsored by the IACRB (Information Assurance Certification Review Board).
The New School of Information Security - The New School of Information Security is one of the most timely and radical books on computer and information security that I've ever read.
Get with the New School - The most important book on computer security in the market today, The New School of Information Security by Adam Shostack and Andrew Stewart.
Lets Go Phishing - PhishTank (http://www.phishtank.com/) is a service that allows you to submit suspected phishing sites and tracks their status. With an open API, PhishTank even lets you write tools to query their data.
OSSEC Intrustion Detection System - OSSEC is an open source host based intrusion detection system (IDS). An IDS is one of the most important tools available to a security administrator.
botHunter Released - botHunter looks for patterns in dialogues between computers in search of well known sequences that indicate bot activity.
Return to Castle Wolfenstein on Mandriva - Playing Return to Castle Wolfenstein on Mandriva is a lot of fun. Linux detractors will often point out that Linux lacks games, and point to that as one of the main reasons to stay away from Linux for home use.
Props to Apple - So I wasn't at all surprised when, while walking around the neighborhood I spotted one of the old style iPod Shuffle's stuck in the snow under a thin layer of ice.
PHP Quebec - I just got back from PHP Quebec, and although the trip home was horrendous the conference itself was a lot of fun.
SanDisk Micro Cruzer - A review of the SanDisk Cruzer Micro USB drive and the enclosed U3 technology.