Phillip Seay

Recent Posts By Phillip Seay

Quick and Easy Fortify Scans

Over the years, I’ve occasionally run security scans on projects that were buildable using Maven or Ant. Those of you ...

More Adventures in Pentesting

I was recently given three iOS applications on which to conduct penetration tests. I took the applications’ .ipa files ...

The Many Frustrations of Being Cert Blocked

The other day, I was conducting a penetration test of a client’s software and ran into the following errors: Firefox ...

Racing to Disaster - Some thoughts about thread safety

When I was interviewed for my current job, I was asked by multiple people in the application security group about ...

CVE-2017-5638

If your application is running Struts 2 2.3 - Struts 2.3.31 or Struts 2.5 - Struts 2.5.10, you’re vulnerable to a ...

Manual SQL Injection and ORM Injection Searches

Much like XSS, SQL and ORM injection are among those vulnerabilities that are detected quite well by the mainstream ...

Grepping as a Sanity Check

The popular static analysis tools (e.g., Fortify, Checkmarx, Appscan) are good when it comes to finding coprophagic ...

Dealing with Big FPRs

Following up on our blog post from Steve Wolf on tips on memory usage with Fortify, I’d like to provide tips on a ...

SSL Testing Tools

Checking for weaknesses in a site’s transport-layer security is a basic part of any penetration test. I found recently ...

Scanning Obscure Languages and Bytecode with Fortify

HP Fortify's Static Code Analyzer (SCA) is an excellent tool for doing security analysis in no small part because of ...

Email Security | Malvertising Quick Fix

I've got an anti-malvertising technique that I've been using for a while - I thought this might help others out there. ...

Kaspersky Hates Apple (Troubleshooting iTunes Sync and CPU

This post is only tangentially related to security, but I hope it spares others out there some grief. Sometimes it is ...

OSVDB R.I.P.

osvdb.org — the online "Open Source Vulnerability DataBase" has been eviscerated. The database part — i.e., the most ...

Application Exhibitionism

A couple of weeks ago, I was pentesting a high-profile mobile application. One of its many sins — though far from its ...

Man-in-the-Middle for Mobile

If you’ve ever had to conduct a penetration test against a mobile application, and if the application has decent ...
