Pro Bono Penetration Tests for Open Source Projects

Today I was hanging out in one of my favorite Slack servers and I decided to drop a small pitch for Paladin Security in the vendor related channel.  (Yes, I checked with the admin before I did so.) Someone popped up and asked me if I gave discounts for open source web apps.  Huh… do I?  I hadn’t really thought …

CSRF and Cross Origin Request Sharing

Cross Site Request Forgery (CSRF) is a pretty straightforward flaw to take advantage of.  Explaining it can be more difficult, due to the number of conditions that have to be met.  This post isn’t meant to be a primer on CSRF, but here are the conditions that must occur. The targeted app has a critical transaction that uses predictable inputs …

New Open Source Project Created – Reconnoiter

Earlier this month I decided to take the scripts for username generation and roll them into an open source project.  There were a couple of reasons for doing so.  First, I needed source control hosting and SourceForge provides that for free as long as you release the project to the public.  Second, I want to expand the scope of it …