Securing Healthcare.gov – Failures, Fixes, and Next Steps
Introduction The views expressed in this blog are my own. Just to be clear, that means they are not the views of my employer, co-workers, family, friends, casual acquaintances, strangers, or anyone other than myself. There has been plenty of news coverage about the security flaws that have plagued Healthcare.gov since it went live in October 2013: Hackers: HealthCare.gov still riddled with potential security issues Exclusive: Security Risks Seen at…
How NOT To Restrict Cross-Domain Flash Content
Introduction Insufficient input validation is a problem I encounter practically every time I test an application. I’ve talked about relying on input validation as a prevention mechanism before (see here and item #8 here) but since it’s such a prevalent problem I figured I’d take the time to write about it once again. While a good supplemental control, by itself input validation is usually woefully inadequate. Quite frankly, it often requires much…
Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
Overview In Part 4 we looked at how to find and execute your shellcode using various jump methods. In Part 5 we’re going to look at another method to find your shellcode called Egghunting. This method is especially useful when you’re faced with a small, reachable buffer (in which you can execute code) but the placement of your larger shellcode in memory is unpredictable. This post will get into quite…