
Posts by Jason Haddix

CISO Q&A: Kim Green

This week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.

Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.


New Industry Report: 2017 CISO Investment Blueprint


What are CISOs concerned about in application security for 2017?

What are their spending and resource allocation priorities?

What does the modern-day appsec landscape look like?

At the end of 2016 we surveyed some security industry leaders to get their thoughts on the current state of application security and what is to come for appsec organizations over the next twelve months. We discovered that application security organizations are at a steep disadvantage and their current positions may not be enough to keep up with modern attackers:


A hacker at CES: An analysis of security at the Consumer Electronics Show

I recently attended the world’s largest consumer technology show: CES. It was my first time at the show and I was excited to not only see the latest gadgets, but also attend some of the sessions. Of course, as a hacker I couldn’t help but apply the “how to break in” filter to everything I saw, especially with the growth of IoT as an attack vector in the last couple of years. I didn’t go it alone: my friend and colleague Daniel Miessler joined me. Daniel is the Director of Advisory Services at IOActive and project leader for the OWASP IoT project.


A Hacker at CES

Today is the first day of another Consumer Electronics Show–CES. Launched 50 years ago, the show has been the place to see the latest gadgets, but over the last several years the scope of the show has grown. From cars to drones to personal fitness devices, the show once named for the consumer “electronics” it showcased now features all things consumer technology.


Big Bugs | Episode 6: API Security and the Internet of Things w/ Fitbit

The unprecedented growth and adoption of connected devices have created innumerable threats for organizations, manufacturers, and consumers, while at the same time creating unprecedented opportunities for hackers. In this episode of Big Bugs, Jason Haddix joins Fitbit’s security team to explore what it takes to effectively hack connected devices through APIs, and how the role of defenders has evolved in this domain.

The speakers explore the growing prevalence of connected devices in our lives, the use of APIs, the increasing importance of API testing in its new form (REST vs. older XML-based testing), and how it’s a valuable skillset for researchers as well as organizations.


Big Bugs | Episode 5: Big XSS–Not an Oxymoron

Over the past 10+ years, Cross-Site Scripting has made its way into just about every ‘top-ten vulnerability’ list and has consistently starred in headlines and POCs. XSS vulnerabilities are also commonly submitted through bug bounty programs, and many write them off as ‘low hanging fruit.’ We’re here to tell you that not all XSS are created equal.

This episode of Big Bugs examines the reason we’re experiencing XSS-Fatigue, some examples of high impact XSS bugs found in the wild, and resources for defenders and offenders.


Big Bugs Podcast Episode 4: Fun and Hacking with Pokemon Go!

This week’s Big Bugs podcast is near and dear to my heart, combining three of my favorite things: mobile hacking, gaming, and security in general. In this episode, I’ll start by giving a brief history of Niantic and Pokemon Go and review some of the few technical issues that the game has experienced. The bulk of this podcast will be focused on how the hacking scene found ways to reverse engineer the game, and of course some tips and tricks so you can catch ’em all.

It’s a bit longer than the usual Big Bugs podcast, but I feel like it’s well worth it, as the Pokemon Go phenomenon has been amazing to experience and be part of. Below the recording, I’ve included some notes to accompany this episode, and resources referenced as well.


Big Bugs Podcast Episode 2: ImageTragick Up Close

This morning we released the second episode of our new podcast series ‘Big Bugs’ hosted by me. This episode, embedded in this post and available on SoundCloud, takes a look at the recently popularized bug, ImageTragick. I discuss the detection and remediation timeline of the widespread bug in the image processing suite, ImageMagick, as well as the implications it has for developers and researchers.


Big Bugs Podcast Episode 1: Auto Bugs – Critical Vulns found in Cars with Jason Haddix

Today we released our first episode of our new podcast series ‘Big Bugs’ hosted by me. Our first episode, embedded in this post and available on SoundCloud, provides an introduction to the car hacking space. With case studies of successful attacks and research from the past years, I also provide some technical resources for testing as well as technical resources for developers. Enjoy!
