Folks may debate the merits of the SHODAN tool, but in my opinion it’s a valuable resource, especially if used for “good”. What is SHODAN? I think ThreatPost summed it up nicely: “Shodan is a Web based search engine that discovers Internet facing computers, including desktops, servers and routers. The engine, created by programmer John… Continue reading
Post Category → Vulnerabilities
CVE Queries Right From Your Browser’s Address Bar
I’m not sure why I never did this earlier, but a post on LifeHacker gave me an idea to add location bar quick search of CVEs (Common Vulnerabilities and Exposures), no doubt due to their example on searching LifeHacker for “security”. My two favorite sites for searching CVE specifics are, at present, Risk IO’s and… Continue reading
Three Resolutions For Web Developers
I’m on a “three things” motif for 2012, as it’s really difficult for most folks to focus on more than three core elements well. This is especially true for web developers as they have so much to contend with on a daily basis, whether it be new features, bug reports, user help requests or just… Continue reading
Micropwns :: Risk Microprobabilities for Infosec?
NOTE: This is a re-post from a topic I started on the SecurityMetrics & SIRA mailing lists. Wanted to broaden the discussion to anyone not on those (and, why aren’t you on them?) I had not heard the term micromort prior to listening to David Spiegelhalter’s Do Lecture and the concept of it really stuck… Continue reading
Metricon: Software Security’s Futures Plural
UPDATE – 2011-02-26: Alphonso has posted his slides and BeeWise is open! Speaker: Alfonso De Gregorio How do we build a future in software security? /me: the slides that will be posted have a ton of detail that Alfonso sped through. you’ll get a very good feel from them Metrics are the servants of… Continue reading
“Web Development Is Dangerous”
Those were the words that greeted me within five minutes of checking out the Flask microframework for Python web applications. I feel compelled to inline those four, short paragraphs: I’m not joking. Well, maybe a little. If you write a web application, you are probably allowing users to register and leave their data on your… Continue reading
AwesomeChartJS Meets Microsoft Security Bulletins
I wanted to play with the AwesomeChartJS library and figured an interesting way to do that was to use it to track Microsoft Security Bulletins this year. While I was drawn in by just how simple it is to craft basic charts, that simplicity really only makes it useful for simple data sets. So, while… Continue reading