Automate finding relational vulnerabilities for a more accurate risk rating

Intro

Anyone else thinking about pretzel Combos right now? Yeah, me neither. This blog isn’t actually about those (sorry); it’s about vulnerability chaining in Application Security, but this concept could apply to Network Security as well. I was asked recently…

Intro

I’m so sorry it’s been nearly SEVEN MONTHS since my last blog! A lot has changed in my personal life (burnout, job change, selling ABC books, new baby, coaching youth soccer, pumpkin patch?) and I just haven’t had the time to research or write anything fun in a while. …

UPDATE: The founder of 1Password responded to this blog after it was posted and explained that the majority of password managers out there leverage Mozilla’s Public Suffix List (PSL) to determine how the domain is to be treated. He looked and saw that Auth0 was not on the list for…

Intro

I previously wrote in another blog last year about the responsibilities companies have to protect their users when it comes to vulnerabilities and not just their own assets. Although not a continuation of that specific topic, I felt compelled to write this post due to the string of recent events…

My Holiday Hack Challenge Report

Update: I received an Honorable Mention! Thanks SANS! Also, I realized after reading other people’s reports that I completed a few of these objectives in unconventional ways. Specifically, The Holiday Trail, Reverse Engineering Encryption, and the SQLi Student Portal one. See the other amazing reports…

Curtis Brazzell

Passionate geek for Information/Cyber Security! I’m always learning and am happy to contribute anything I can share with the community. Follow me @ Twitter!
