security

New Project!

Carl Sampson
Today I started a new project that I’ve been thinking about for a while. It’s located at https://appsec.fyi. It is a growing collection of interesting links that I’ve found regarding varying application security topics. The basic site is up and the plumbing is there. Just need to add more content. Check it out!

New Burp Extension – Perfmon

Carl Sampson
Just whipped together a new Burp extension called perfmon (not to be confused with the Windows tool of the same name). I was really interested in the resource usage of Burp while doing certain activities. It adds a new tab to Burp and samples every 5 seconds:
- Current and max number of threads in use
- Current and max memory used
- Current and max memory allocated
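As an added illustration of how such a sampler is built (this is not the perfmon extension's own code), the following Burp extension uses the legacy Extender API (burp.IBurpExtender, burp.ITab) plus java.lang.management to read the JVM's thread and heap counters on a 5-second javax.swing.Timer and append them to a tab. The class name, tab caption and "max seen since load" bookkeeping are assumptions made for the example; Burp loads the JAR as a legacy extension because the class is named burp.BurpExtender.

```java
package burp;

import java.awt.BorderLayout;
import java.awt.Component;
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JTextArea;
import javax.swing.Timer;

// Illustrative Burp extension (legacy Extender API): adds a "Perfmon" tab and
// samples JVM thread and heap usage every 5 seconds. Not the perfmon source.
public class BurpExtender implements IBurpExtender, ITab {
    private static final int SAMPLE_INTERVAL_MS = 5000;
    private final JPanel panel = new JPanel(new BorderLayout());
    private final JTextArea log = new JTextArea();
    private final ThreadMXBean threads = ManagementFactory.getThreadMXBean();
    private final Runtime rt = Runtime.getRuntime();
    // "max" for memory is the highest value seen since the extension loaded
    // (the JVM tracks peak thread count itself via getPeakThreadCount()).
    private long maxUsed = 0;
    private long maxAllocated = 0;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        callbacks.setExtensionName("perfmon (example)");
        log.setEditable(false);
        panel.add(new JScrollPane(log), BorderLayout.CENTER);
        callbacks.addSuiteTab(this);
        // javax.swing.Timer fires on the Swing event thread, so appending to
        // the JTextArea from the callback is safe without extra synchronisation.
        new Timer(SAMPLE_INTERVAL_MS, e -> log.append(sample() + "\n")).start();
    }

    // One sample line: threads (current/peak) and heap (used/allocated/limit) in MB.
    String sample() {
        long allocated = rt.totalMemory();        // heap currently reserved by the JVM
        long used = allocated - rt.freeMemory();  // portion of that heap holding live data
        long limit = rt.maxMemory();              // ceiling (-Xmx), beyond which Burp cannot grow
        maxUsed = Math.max(maxUsed, used);
        maxAllocated = Math.max(maxAllocated, allocated);
        return String.format(
            "threads cur=%d peak=%d | heap used=%dMB (max %dMB) allocated=%dMB (max %dMB) limit=%dMB",
            threads.getThreadCount(), threads.getPeakThreadCount(),
            mb(used), mb(maxUsed), mb(allocated), mb(maxAllocated), mb(limit));
    }

    private static long mb(long bytes) { return bytes / (1024 * 1024); }

    @Override public String getTabCaption() { return "Perfmon"; }
    @Override public Component getUiComponent() { return panel; }
}
```

Compile it against Burp's burp/*.java interface stubs, package it as a JAR and load it from Extender; the gap between "used" and "limit" is the number to watch when a large Intruder or Scanner run starts to stall.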

Secure Design Principles

Carl Sampson
Sitting here on a cold, snowy day thinking about secure design principles. These are key to think about during the design phase of a feature/project:
- Complete Mediation – every access to every resource must be checked every time; a decision must not be cached or bypassed
- Economy of Mechanism – keep the design as small and simple as possible, so it can be reviewed and reasoned about
- Fail-Safe Defaults – in case of failure or error, default to a secure state (deny)
- Defense in Depth – layer security controls so that no single control is a single point of failure
- Open Design – the security of a system should not depend on secrecy of its design or implementation
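As an added example (not code from the post) of what Complete Mediation and Fail-Safe Defaults look like when written down, the class below shows an authorization check in a fail-open form beside its fail-safe form. The AccessGate class, the PolicyStore interface, the PolicyUnavailableException and the sample permission table are all hypothetical constructions for this illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration of Complete Mediation and Fail-Safe Defaults.
// Names, the policy store and the exception type are hypothetical.
public class AccessGate {

    // Models the policy backend; throws to simulate an outage or timeout.
    interface PolicyStore {
        Set<String> permissionsFor(String user) throws PolicyUnavailableException;
    }

    static class PolicyUnavailableException extends Exception {
        PolicyUnavailableException(String msg) { super(msg); }
    }

    private final PolicyStore store;

    AccessGate(PolicyStore store) { this.store = store; }

    // ANTI-PATTERN: violates Fail-Safe Defaults. A backend failure is swallowed
    // and turned into an allow, so an outage becomes an authorization bypass.
    boolean isAllowedFailOpen(String user, String permission) {
        try {
            return store.permissionsFor(user).contains(permission);
        } catch (PolicyUnavailableException e) {
            return true; // "don't break the site" breaks the security model instead
        }
    }

    // Hardened: any failure to evaluate policy is a deny. Nothing is cached
    // between calls, so every access to every resource is re-checked
    // (Complete Mediation); an allow for one resource never carries over.
    boolean isAllowed(String user, String permission) {
        if (user == null || permission == null) return false;
        try {
            Set<String> perms = store.permissionsFor(user);
            return perms != null && perms.contains(permission);
        } catch (PolicyUnavailableException e) {
            // Log the outage and deny; the caller surfaces an error, not access.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample policy: alice may read, bob may read and delete.
        Map<String, Set<String>> table = Map.of(
            "alice", Set.of("report:read"),
            "bob", Set.of("report:read", "report:delete"));
        PolicyStore healthy = user -> table.getOrDefault(user, Set.of());
        PolicyStore down = user -> { throw new PolicyUnavailableException("timeout"); };

        AccessGate okGate = new AccessGate(healthy);
        AccessGate brokenGate = new AccessGate(down);

        // Every call is mediated: alice's read does not grant delete,
        // and an unknown principal gets nothing.
        System.out.println("alice read:     " + okGate.isAllowed("alice", "report:read"));
        System.out.println("alice delete:   " + okGate.isAllowed("alice", "report:delete"));
        System.out.println("mallory read:   " + okGate.isAllowed("mallory", "report:read"));

        // Backend outage: the fail-open check grants everything to anyone,
        // the fail-safe check denies until the policy store is back.
        System.out.println("outage, fail-open:  " + brokenGate.isAllowedFailOpen("mallory", "report:delete"));
        System.out.println("outage, fail-safe:  " + brokenGate.isAllowed("mallory", "report:delete"));
    }
}
```

The useful review question this raises for any real code base is simply: for each catch block on the authorization path, what does the method return when the body throws?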

2 Gems Updated

Carl Sampson
PwnedCheck
PwnedCheck is a gem that checks http://haveibeenpwned.com to see if an email address or user handle has been involved in a breach.
How to Install
How to Use
Jekyll-Clicky
Jekyll-clicky is a gem to add clicky analytics to a site generated with Jekyll.
Installation
Add this line to your application’s Gemfile:
And then execute:
Or install it yourself as:
Usage
Add the clicky setting to _config.yml in your Jekyll site directory, replacing ### with the id of your clicky site.

Extending Burp at DerbyCon VII

Carl Sampson
Just finished my talk about extending Burp at DerbyCon VII. Thanks to everyone that attended! I’m really thankful for the opportunity to present on the topic. The details:
- Slides – video in slides (slide 14)
- Source code – https://github.com/sampsonc/searchplusplus
- Video of the presentation
I’d love to hear any comments/questions.