Technical Work

Bypassing the Lenovo Thinkpad E550 BIOS Password

I am not responsible for any damages or issues you may encounter while attempting the following; do it at your own risk and on hardware you own or for which you have permission. There's a lot of information out there already on how to bypass BIOS passwords, including shorting, but what I didn't find was which EEPROM pins I needed to short on the particular motherboard found within my Thinkpad model. Many ...

Introduction to SQL Mitigation

What is SQL Injection? Originally written for Software Secured. The popularity of Structured Query Language (SQL) injection attacks has grown significantly over the years, and employing relevant mitigation practices will help keep your application from being added to a growing list of insecure applications implicated in significant data breaches. Despite its release nearly 30 years ago, SQL injection has been responsible for millions of lost records, with damages also in the millions, earning itself the #1 ...

Choosing a Vulnerability Scanner

Originally written for Software Secured. Vulnerability scanning aims to reveal security weaknesses in an application by using automated tools to assess its code, design, and functionality. These include design flaws which lead to vulnerabilities like Cross-Site Scripting (XSS), SQL Injection, path disclosure, and other vulnerabilities found in the OWASP Top 10. The Vulnerability Landscape: understanding what vulnerabilities exist and identifying those relevant to your application will be the first step in implementing vulnerability scanning practices. The ...

Application Security Code Review Introduction

Originally written for Software Secured. Security code review is a process which systematically applies a collection of security audit methodologies capable of ensuring that both environments and coding practices contribute to the development of an application resilient to operational and environmental threats. In practice, code reviews can take on numerous forms, including lightweight code discussions or more involved processes such as pair programming, over-the-shoulder programming, and tool-assisted practices. More advanced methodologies involve ...

Secure Scrum – Integrating Security with Agile

Originally written for Software Secured. Successfully implementing strong application security is one of the most challenging non-functional tasks Scrum teams face. Traditional application security practices, which carefully integrate security throughout the Software Development Lifecycle (SDLC), are often at odds with Scrum methodology, which favors responsive development cycles that quickly produce working code. To unite the strengths offered by Scrum with the necessity of security, professors from the Munich IT Security Research Group modified Scrum, allowing ...

Secure Application Configuration Basics

Originally written for Software Secured. In June of 2016 it was revealed that a database maintained by a large data brokerage company was hacked, exposing 154 million US voter records; personal details like gun ownership, positions on gay marriage, and email addresses were retrieved. Database misconfiguration was the cause: the CouchDB database which stored the information was not configured to require authentication in order to access the voter records it held. Secure configuration practices ...
