Today I was hanging out in one of my favorite Slack servers and I decided to drop a small pitch for Paladin Security in the vendor related channel. (Yes, I checked with the admin before I did so.) Someone popped up and asked me if I gave discounts for open source web apps. Huh… do I? I hadn’t really thought … Read More
CSRF and Cross-Origin Resource Sharing
Cross Site Request Forgery (CSRF) is a pretty straightforward flaw to take advantage of. Explaining it can be more difficult, due to the number of conditions that have to be met. This post isn’t meant to be a primer on CSRF, but here are the conditions that must occur. The targeted app has a critical transaction that uses predictable inputs … Read More
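To make the "predictable inputs" condition concrete, here is an added example (written for this page, not code from the original post) of a toy funds-transfer endpoint in two forms: one where every input is guessable and the only authentication is the cookie the browser attaches on its own, and one that demands a session-bound anti-CSRF token and checks the Origin header. The bank origin, session ids, balances and the forged request are all constructed for the demo.

```python
"""Toy CSRF demo: a state-changing 'transfer' endpoint with and without an
anti-CSRF token. Example code written for this page, not from the original
post; the bank, sessions and balances below are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumption: a per-deployment secret held only by the server.
SECRET_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://bank.example"  # hypothetical site origin

# Constructed server state: session id -> user, and account balances.
SESSIONS = {"sess-victim": "alice"}
BALANCES = {"alice": 500, "mallory": 0}


def reset_state() -> None:
    """Restore the constructed balances so the demo can be re-run."""
    BALANCES.update({"alice": 500, "mallory": 0})


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    origin: Optional[str] = None  # Origin header, None when the browser omits it


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session with an HMAC; unguessable without SECRET_KEY."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _transfer(user: str, to: str, amount: int) -> str:
    if to not in BALANCES or BALANCES.get(user, 0) < amount:
        return "declined"
    BALANCES[user] -= amount
    BALANCES[to] += amount
    return "ok"


def transfer_vulnerable(req: Request) -> str:
    """Every input (to, amount) is predictable and the only authentication is
    the cookie the browser attaches automatically: the CSRF precondition."""
    if req.method != "POST":
        return "method not allowed"
    user = SESSIONS.get(req.cookies.get("session"))
    if user is None:
        return "unauthenticated"
    return _transfer(user, req.form["to"], int(req.form["amount"]))


def transfer_hardened(req: Request) -> str:
    """Same endpoint, but it demands an input the attacker cannot predict."""
    if req.method != "POST":
        return "method not allowed"
    sid = req.cookies.get("session")
    user = SESSIONS.get(sid)
    if user is None:
        return "unauthenticated"
    # Defence 1: if the browser sent an Origin header, it must be ours.
    if req.origin is not None and req.origin != TRUSTED_ORIGIN:
        return "rejected: bad origin"
    # Defence 2: synchronizer token bound to the session, compared in constant time.
    expected = issue_csrf_token(sid)
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, expected):
        return "rejected: missing or wrong csrf token"
    return _transfer(user, req.form["to"], int(req.form["amount"]))


def forged_request(origin: Optional[str] = "https://evil.example") -> Request:
    """What the victim's browser sends when an attacker page auto-submits a
    form: the attacker chose every field, the browser added the cookie."""
    return Request("POST", cookies={"session": "sess-victim"},
                   form={"to": "mallory", "amount": "100"}, origin=origin)


def legitimate_request() -> Request:
    """A request from the real site, carrying the token the server issued."""
    tok = issue_csrf_token("sess-victim")
    return Request("POST", cookies={"session": "sess-victim"},
                   form={"to": "mallory", "amount": "100", "csrf_token": tok},
                   origin=TRUSTED_ORIGIN)


if __name__ == "__main__":
    reset_state()
    print("vulnerable, forged:", transfer_vulnerable(forged_request()), BALANCES)
    print("hardened, forged:", transfer_hardened(forged_request()), BALANCES)
    print("hardened, legit:", transfer_hardened(legitimate_request()), BALANCES)
```

The attacker never sees the token: it is derived from the victim's session id with a server-side key, so the one input the hardened handler insists on is exactly the one the attacker cannot predict, which is what breaks the chain of conditions. The Origin check is a second, independent signal; the token check is kept even when Origin is absent, since some clients omit the header.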
New Open Source Project Created – Reconnoiter
Earlier this month I decided to take the scripts for username generation and roll them into an open source project. There were a couple of reasons for doing so. First, I needed source control hosting and SourceForge provides that for free as long as you release the project to the public. Second, I want to expand the scope of it … Read More