Here is a consolidated view of all of our articles available for download.
Oct 2016 issue of Drone Magazine, article on the Danger Drone.
Rob Ragan and Vincent Liu author The Challenges of Automated Application Assessments in a Web 2.0 World, which discusses the difficulties of properly auditing modern Web 2.0 applications.
Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place.
Once you've completed a security assessment as a part of your web application development, it's time to go down the path of remediating all of the security problems you uncovered.
If an organization isn't taking a systematic and proactive approach to web security, and to running a web application vulnerability assessment in particular, then that organization isn't defended against the most rapidly increasing class of attacks.
Most people attempt to define penetration testing as a network attack against an Internet DMZ with the goal of breaking into the internal network. Fundamentally, however, penetration testing is properly defined as the simulation of an attack against a target network or application, encompassing a wide range of activities and variations.
Forensic investigations start at the end. Think of it: You wouldn’t start using science and technology to establish facts (that’s the dictionary definition of forensics) unless you had some reason to establish facts in the first place. But by that time, the crime has already happened. So while requisite, forensics is ultimately unrewarding.
There is a general tendency among courts to presume that forensic software reliably yields accurate digital evidence. As a judicial construct, this presumption is unjustified in that it is not tailored to separate accurate results from inaccurate ones. Vincent Liu illustrates this unfortunate truth by presenting two currently uncorrected weaknesses in popular computer forensic tools, methods, and assumptions.