All your Azure Clouds are Belong to us

A few people asked me why I was thanked in the March 2016 Security Researchers Acknowledgements For Microsoft Online Services. They probably hoped to get a few free beers celebrating my huge bug bounty. Alas, no bug bounty, since the reported issues were not really in scope of the Microsoft Online Services »

Mapping the Skies, OWASP ASVS against Testing Guide (part one)

Unfortunately, there are too many standards to choose from in the security world. If you need to be compliant with multiple standards, you had better know where they overlap, what is not included, where they contradict each other, or where the level of detail is completely different. Until every vendor agrees that one »

Application Security Highlights (November 2011)

This is a list of articles, blog entries and research related to application security that I found interesting and worthwhile reading this month. Discovery Techniques: The paper “One Technique is Not Enough: A comparison of Vulnerability Discovery Techniques” by Andrew Austin and Laurie Williams of the Department of Computer Science of the »

The Lazy Man’s Way to Hacking Application Frameworks

I admit, this is again a list with references to other people's research or tools. This time the list is about references to studies about the security features (or the lack thereof) in application frameworks or specific attacks against frameworks. Consultants always have lists of interesting websites, blogs, browser favourites, research papers »