Technical Work

Bypassing the Lenovo Thinkpad E550 BIOS Password

I am not responsible for any damages or issues you may encounter while attempting the following; do it at your own risk and on hardware you own or for which you have permission. There is a lot of information out there already on how to bypass BIOS passwords, including shorting, but what I didn't find was which EEPROM pins I needed to short on the particular motherboard found in my Thinkpad model. Many …

Choosing a Vulnerability Scanner

Originally written for Software Secured and published here. Vulnerability scanning aims to reveal security weaknesses in an application by using automated tools to assess its code, design, and functionality. It looks for design flaws which lead to vulnerabilities like Cross Site Scripting (XSS), SQL Injection, path disclosure, and other vulnerabilities found in the OWASP Top 10.

The Vulnerability Landscape

Understanding what vulnerabilities exist and identifying those relevant to your application will be the first step in implementing vulnerability …

Application Security Code Review Introduction

Originally written for Software Secured and published here. Security code review is a process which systematically applies a collection of security audit methodologies capable of ensuring that both environments and coding practices contribute to the development of an application resilient to operational and environmental threats. In practice, code reviews can take on numerous forms, including lightweight code discussions or more involved processes such as pair programming, over-the-shoulder programming, and tool-assisted practices. More …

Secure Scrum – Integrating Security with Agile

Originally written for Software Secured and published here. Successfully implementing strong application security is one of the most challenging non-functional tasks Scrum teams face. Traditional application security practices, which carefully integrate security throughout the Software Development Lifecycle (SDLC), are often at odds with Scrum methodology, which favors responsive development cycles that quickly produce working code. To unite the strengths offered by Scrum with the necessity of security, professors from the Munich IT Security Research Group modified …

Secure Application Configuration Basics

Originally written for Software Secured and published here. In June of 2016 it was revealed that a database maintained by a large data brokerage company was hacked, exposing 154 million US voter records along with personal details like gun ownership, positions on gay marriage, and email addresses. Database misconfiguration was the cause: the CouchDB database which stored the information was not configured to require authentication in order to access the voter records it held. …
