SANS Penetration Testing

NoSQL? No Problem! Pillaging MongoDB for Fun and Profit

By Josh Wright

Database technology continues to evolve to meet different application needs. One example of this is the adoption of NoSQL databases used by many different modern web applications. NoSQL databases depart from the traditional table-based storage mechanisms widely known and loved (mildly appreciated?), and instead store simple key-value data pairs, JSON documents, graph …


TLS/SSL Failures and Some Thoughts on Cert Pinning (Part 1)

By Chris Crowley

It's going to happen sooner or later...sooner probably. You're going to be asked about your company's mobile app or a mobile app your company wants to install across all mobile devices. They'll put the request in the "yet another duty as assigned" (YADAA) category/bucket. You look at the network traffic; it's using …


Using the SSH "Konami Code" (SSH Control Sequences)

By Jeff McJunkin

Are you familiar with the Konami code? The one popularized by the Contra video game? If not, let me fill you in. This code is a sequence of control actions for some video games that'll let you jump forward in the game (some call it a …


What's the Deal with Mobile Device Passcodes and Biometrics? (Part 2 of 2)

By Lee Neely

In the first installment of this 2-parter, I discussed the use of mobile device fingerprint scanners to unlock the device. As a follow-up, I'd like to discuss how a developer can integrate the scanner into their applications. This discussion may provide some insights into how to secure mobile apps, or even inspire …


What's the Deal with Mobile Device Passcodes and Biometrics? (Part 1 of 2)

By Lee Neely

Introduction

Mobile device administrators and end users need to be more cognizant of the risks of allowing unauthorized access to their smartphones and take steps to raise the bar on accessing those devices to mitigate those risks. This is part one of two articles on securing mobile device access. In this article, …