Articles about: Infosec

Doing HTTP Sessions badly

In this article I explore some ways in which HTTP sessions can be used badly. I'm not talking from a church of RESTafarianism position here. I'm cool with web applications using HTTP sessions, but I want to explore the pitfalls of using them badly and give some easily followed guidance to…

Ambient Asset Management revisited

A while back I introduced the concept of ambient asset management. On further research I discovered some glaring gaps in that approach, which I explore today.

Ambient Asset Management

Asset Management can be a time-consuming and disconnected process. As a result, Shadow IT resources slip through the gaps and threaten compliance objectives. Compliance objectives are more than box ticking; they affect brand, marketing, and sales. I present a simple solution to this: Ambient…

Exploiting information leaks in SQL injection

In some cases a SQL injection doesn't result in a trivial exploit. Instead of a direct hack, there could be an information leak vulnerability. Here's an example of a vulnerable application and an efficient attack on the information leak.