Secure Development – Security in every pipeline


Nowadays we use the term “safe coding” or even “safe design” these terms are becoming more and more common among the creators of Secure development and Application Security. However, for this to be completely true in our development processes we need to truly understand this term’s concept, and how Application Security is connected to them.An […]

Read more

Conviso acquired

Conviso acquired Gauntlet

The technology developed by Gauntlet will be incorporated to the AppSec Flow, expanding the services spectrum in AppSec Conviso proudly announces the acquisition of Security, an application security testing company, whose technology is to complement the Continuous Application Security portfolio by Conviso. The approach for this acquisition is technical, since Gauntlet´s automated tests complement […]

Read more

Setting up an IPSEC VPN using OpenSwan in cloud environments

OpenSwan Cloud

This is a brief tutorial that aims to help those who are new in setting up an IPsec VPN connection with OpenSwan, hosted in cloud environments like Google Cloud and Amazon Web Services. I imagine you have an instance, lets say on Google Cloud, and want to establish an IPSec tunnel with another client outside […]

Read more

Playing with Sandbox: An analysis of Capsicum

  Introduction   In this post we talk a little about sandbox. People that work and study software exploitation know the sandbox concept. This kind of feature when properly implemented on a system makes hard to exploit some kind of vulnerabilities, especially that involving memory corruption. In wikipedia we have a good reference about this: […]

Read more

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability – CVE-2014-7816

WildFly[1], formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms.WildFly is free and open-source software, subject to the requirements of the GNU Lesser General […]

Read more

HP Operations Manager Perfd Environment Scanner

During a intrusion test conducted recently, I found a daemon called perfd ​​which is listening on port 5227. According to IANA[1], the daemon is “HP System Performance Metric Service”[2] service. After a quick analysis, I discovered that the daemon responds with vital data and we can view information such as CPU, disks, processes etc. Commands:“u” […]

Read more

RIPS Scanner v-0.54 – Local File Include (LFI)

Hi there, For those using the RIPS scanner [1] to help the analysis of vulnerabilities on PHP code, pay attention not to leave it running on your network or available to the internet, where anyone can access it.  In a very brief static code analysis of RIPS we found two “Local File Include” (LFI) vulnerabilities as […]

Read more

Worst and best practices for secure password storage

A password is meant to secure an asset against unauthorized access from an attacker. In order to prevent someone from gaining access, the password must be hard to guess, and that means that it must be strong enough to avoid guessing based attacks (like dictionaries and brute-force). Some heuristics to prevent a weak password are a […]

Read more

From Deploy WAR (Tomcat) to Shell (FreeBSD)

O objetivo deste post é demonstrar como a implementação insegura de serviços na rede pode facilitar o comprometimento de toda a infraestrutura de sua empresa. Neste caso a demonstração será com a instalação padrão do Apache Tomcat [1], em um servidor com o sistema operacional FreeBSD [2], sem nenhum ajuste nas configurações ou hardening no pós-instalação. […]

Read more

ekoparty 2013 – Wrap Up of 1st Day

Ekoparty is an Infomartion Security Conference that happens every year in Buenos Aires Argentina. And it is known as one of the best InfoSec Conferences in Latin America, if not the best, at least in my opinion so far. The first day at Ekoparty 2013 was mostly for Registration, Workshops and Wardriving. The venue is […]

Read more

1 2 3