Don’t write your own web application security scanner

Posted by:

Don’t write your own web application security scanner

tl;dr Don’t write your own web application security scanner, it is too hard. Contribute to an existing project instead.

Every now and then I receive an email with this format: “I’ve used web scanning tool X for a while and it doesn’t work the way I want. I’m writing my own tool and would like you to help me with some ideas/pointers”. Usually I answer privately, but that doesn’t seem to be scaling, so here’s my public response to all of you.

Writing and ...

Read more →
19
AUG
0

w3af

, , , , ,

Understanding HTML5 security

Posted by:

Last year was great, I had time to read and understand something that was a complete mystery for me: HTML5.

After reading through the great documentation and examples at html5rocks, applying the knowledge while developing PoC applications and going through all the HTML5 security papers available it felt right to give a talk about it. This is my Prezi for “Understanding HTML5 Security”, enjoy!

Read more →
30
APR
0

web security

, , , ,