BCC Risk Advisory Blog

Our RSA Europe class was delivered yesterday in Amsterdam. 4 hours of defensive coding techniques.


Vulnerability Management: The age-old penetration test is dead, long live the penetration test... So, as discussed before, a 1-off penetration test does not work. Why?


About XSS vectors...


Ireland is not an Island.... As many of you know, I am passionate about how we as a country secure the systems, networks and the critical elements of our national infrastructure that we all depend on.


There was a recent discussion on the OWASP Testing Guide list, a project I used to lead, in relation to "How to test for business logic issues". This is a real tough one to document in terms of "How to..."


Below is the link to our OWASP Training at RSA on the 24th Feb 2013


Why do we look at Cross Site Scripting, Command Injection and SQL injection in different ways? Why am I even writing about such old issues like SQLI, XSS, CMDi? Probably because they are very similar from a builder/prevention aspect but very different from a breaker/defender aspect.
