Tag Archives: SDL
VULNEX Award and RSA USA speaker experience!
February has been both very interesting and busy! On February 17th I had the pleasure of collecting the first award of VULNEX by Spanish security magazine Red Seguridad for IT Innovation for our collaboration with DARPA (Defense Advanced Research Projects … Continue reading
Posted in Conference, Privacy, Security, Technology
Tagged Application Security, BinSecSweeper, Conference, SDL, Software Security, VULNEX
AppSecUSA & BinSecSweeper Talk
Last week the OWASP AppSecUSA 2013 conference was held in the legendary New York City, where I had the pleasure of giving a talk on security software development titled “Verify Your Software for Security Bugs” and present my new … Continue reading
Posted in Conference, Pentest, Security, Technology
Tagged Application Security, Apps, Information Security, Penetration Testing, Python, SDL, Software Security, VULNEX
OWASP Top Ten 2013 free workshop
Yesterday, July 17th, I taught a free workshop about the OWASP Top Ten 2013, which was published recently and describes the 10 most common vulnerabilities in Web applications. This free workshop is a collaboration between the Catedral de Innovación of … Continue reading
Posted in Security, Technology, Threat Modeling
Tagged Application Security, attack vector, OWASP, SDL, Software Security, VULNEX, Web Security
A Spanish startup selected by the DARPA Cyber Fast Track (CFT)
The security landscape changed in August 2011 at the Black Hat Conference when the legendary hacker of the L0pht Peiter “Mudge” Zatko presented the new program Cyber Fast Track (CFT) (DARPA-PA-11-52) from DARPA (Defense Advanced Research Projects Agency of the … Continue reading
Posted in Business, Pentest, Security, Technology
Tagged DARPA, Information Security, Penetration Testing, SDL, Software Security, VULNEX
AppSec: Improve your software security with GCC Stack Protector Strong
The other day, while helping out a client to develop secure software, it came to my mind that this topic could be of interest to my readers. Obviously this topic is quite wide, but in this article I will focus on … Continue reading
Posted in Pentest, Privacy, Security, Technology, Threat Modeling
Tagged Application Security, AppSec @en, attack vector, Compiler, GCC, Information Security, Linux, SDL, Software Security
AppSec USA 2012: the experience
You know you are in Texas when you get out of the plane and hear country music through the airport, and I was there indeed because on the 25th and 26th of October the OWASP AppSec USA conference was taking place … Continue reading
Posted in Conference, Hacking, OWASP, Pentest, Privacy, SDL, Security, Technology, Threat Modeling
Tagged Application Security, Apps, Information Security, OWASP, SDL, Software Security, Web Honeypots
AppSec: Static Application Security Testing (SAST) Free Tool Map
[Español] When I perform a security analysis of an application, I try to combine Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to get the best results. We leave DAST for another post. [English] When I’m … Continue reading
Posted in Pentest, SDL, Security
Tagged Application Security, DAST, Information Security, SAST, SDL, Software Security
AppSec: Overview of Fuzzing Frameworks
[Español] In recent years fuzzing has become the best and (relatively) fastest technique for discovering security flaws, so I thought it would be a good topic to introduce some concepts and tools for … Continue reading
Posted in Hacking, Pentest, SDL, Security, Technology
Tagged Application Security, Fuzzing, Information Security, Penetration Testing, SDL, Software Security
AppSec: Security Code Review Process
[Español] In my work I spend most of my time auditing code, and I thought it would be interesting for the reader to describe our process a little and, along the way, see how others do it. [English] I spend most of … Continue reading
Posted in Microsoft, OWASP, Pentest, SDL, Security, Technology
Tagged Application Security, Information Security, Microsoft, SDL, Software Security
AppSec: Static Analysis Using Visual Studio 2010 for Hunting C/C++ Bugs
[Español] In this article we will talk about a magnificent tool, Visual Studio 2010, Microsoft's development environment, which I use daily to perform code audits in C/C++ or .NET. When I teach classes on SDL it is common … Continue reading