ColdFusion had several exploits in the past. ColdFusion 10 being the latest and stable release from Adobe it was hard to find any ready exploits.

Last week I spoke at OWASP day in Auckland, New Zealand. It was all security+fun and had a crowd more than expected, ~600 approximately.

Very often, I have encountered problems with updating nessus home feed plugins and components. This is the common message from Nessus.

Recently, we got an opportunity to do a security hands-on on an Android native application. This application does not communicate to internet via HTTP protocol or mobile browser. The application communicates with the remote server over TCP on some XYZ port.

Monday morning and you hear the great news. How does it feel? Just received an email fromCREST Australiathat I have cleared the exam and now I’m CREST certified professional…JI’m all excited…J

Many times I have encountered a problem with projects where large scanning of network host is required. In that case, you simply cannot expect your consultant to scan each host individually, analyze output and list down all vulnerable ports/services. Yes..we can even detect open ports with Nessus but still it has a host limitation per scan.