Software Engineering by Nick Galbreath
New Techniques in SQLi Obfuscation: SQL never before used in SQLi
Analysis of tens of thousands of real-world SQLi attacks shows that both WAFs and attackers have missed a number of the finer points of SQL. This presentation was first given at DEFCON 20 in Las Vegas, NV.
libinjection: a C library for SQLi detection and generation through lexical analysis of real world attacks.
libinjection: a C library for SQLi detection and generation through lexical analysis of real world attacks. First presented on July 25, 2012 at Black Hat USA, Las Vegas.
Time Tested PHP: Advanced Testing Techniques with libtimemachine
Using libtimemachine, one can shift the system time as seen by PHP. This allows for the advanced testing needed for budgeting, financial, and cryptographic applications.
Better Random Numbers in PHP with /dev/urandom
Prevent and fix problems with PHP's random number generation by using /dev/urandom.
Facebook Extends Fundamental Social Networking Privacy Patent
Facebook extends fundamental social networking patent; Nick Galbreath listed as inventor.
Data-Driven Security: Managing Risk at Etsy
Using data in Splunk to measure, manage, and expose security problems, fraud, and other issues.
SANS AppSec Blog on Continuous Deployment and Security
What continuous deployment is, how it works, and why it's good for security.
Robots, Graphs and Binary Search
Post on Code as Craft on monitoring and detecting robotic traffic through origin IP addresses
Rate-Limiting at Scale
The hows, whys and whats of rate-limiting user behavior at web-scale. First presented at SANS AppSec Summit, Las Vegas, NV on May 1, 2012.
What You Can Learn From Small Companies about AppSec
From the SANS AppSec Panel, Las Vegas, NV on April 30, 2012.