2012-07-25

libinjection: a C library for SQLi detection and generation through lexical analysis of real world attacks.

First presented on July 25, 2012 at Black Hat USA, Las Vegas.
2012-07-20

Time Tested PHP: Advanced Testing Techniques with libtimemachine

Using libtimemachine, one can shift the system time as seen by PHP. This allows for the advanced testing needed for budgeting, financial, and cryptographic applications.
2012-07-19

Better Random Numbers in PHP with /dev/urandom

Prevent and fix problems with PHP's random number generation by using /dev/urandom.
2012-07-10

Facebook Extends Fundamental Social Networking Privacy Patent

Facebook extends fundamental social networking patent; Nick Galbreath listed as inventor.
2012-06-12

Data-Driven Security: Managing Risk at Etsy

Using data and Splunk to measure, manage, and expose security problems, fraud and other problems.
2012-06-04

SANS AppSec Blog on Continuous Deployment and Security

What continuous deployment is, how it works, and why it's good for security.
2012-05-24

Robots, Graphs and Binary Search

Post on Code as Craft on monitoring and detecting robotic traffic through origin IP addresses.
2012-05-01

Rate-Limiting at Scale

The hows, whys and whats of rate-limiting user behavior at web-scale. First presented at SANS AppSec Summit, Las Vegas NV on May 1, 2012.
2012-04-30

What You Can Learn From Small Companies about AppSec

From the SANS AppSec Panel, Las Vegas, NV on April 30, 2012.
2012-04-03

DevOpsSec - Applying DevOps Principles to Security

What is DevOps? And how can we learn from it and apply it to security? First presented at DevOpsDays Austin, Texas on April 3, 2012.