Bill Sempf

Mar 12, 2022

Vulnerability Analysis is just fancy QA

Test an application for vulnerabilities is just like testing an application for meeting the business...

Feb 16, 2022

On Tools

Not too long ago, I was asked to do a technical interview for a set of tests. This isn't unhea...

Apr 25, 2021

Application Security This Week for April 25

A fun tool that finds weak Active Directory passwords, and then notifies the user. https://github.co...

Apr 18, 2021

Application Security This Week for April 18

Pwn2Own had some interesting browser vulnerability results: https://www.zerodayinitiative.com/blog/2...

Apr 11, 2021

Application Security This Week for April 11

Surprisingly good article from the BBC about firmware attacks https://www.bbc.com/news/business-5667...

Mar 28, 2021

Application Security This Week for March 28

Guess who forgot to do a newsletter last week? Cool file upload attack to get access to SSH u...

Mar 14, 2021

Application Security This Week for March 14

Happy pi day! Missive on the insecurity of C as a programming language. https://daniel.haxx.s...

Mar 07, 2021

Application Security This Week for March 7

This is a pop culture article about why mobile application can be insecure (from Wired) but it is we...

Feb 28, 2021

Application Security This Week for February 28

Portswigger published their Top 10 Hacking Techniques for 2020. https://portswigger.net/research/top...

Feb 21, 2021

Application Security This Week for February 21

Microsoft has some guidance for containers using .NET https://devblogs.microsoft.com/dotnet/staying-...

Feb 14, 2021

Application Security This Week Valentines Day edition

Apparently I failed to publish last week. Sorry about that. Rolling shellcode from objects in...

Jan 31, 2021

Application Security This Week for January 31

Using Machine Learning to perfect SQL Injection https://portswigger.net/daily-swig/machine-learning-...

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

2025
- April (1)
- March (2)
- February (1)
2024
- November (1)
- April (1)
- March (2)
- February (2)
2022
- June (1)
- April (1)
- March (1)
- February (1)
2021
- April (3)
- March (3)
- February (3)
- January (4)
2020
- December (5)
- November (5)
- October (3)
- September (4)
- August (5)
- July (4)
- June (5)
- May (6)
- April (3)
- March (5)
- February (4)
- January (5)
2019
- December (5)
- November (4)
- October (4)
- September (3)
- August (5)
- July (4)
- June (4)
- May (2)
- April (4)
- March (6)
- February (3)
- January (3)
2018
- December (5)
- November (4)
- October (3)
- September (3)
- August (4)
- July (6)
- June (5)
- May (8)
- April (7)
- March (2)
- January (1)
2017
- December (1)
- November (2)
- October (1)
- September (2)
- June (2)
2016
- January (1)
2015
- December (6)
- September (2)
- August (1)
- July (1)
- March (1)
- January (1)
2014
- October (1)
- September (3)
- August (2)
- July (1)
- March (2)
- January (3)
2013
- December (2)
- November (1)
- October (2)
- May (1)
- April (1)
- March (2)
- January (1)
2012
- December (1)
- August (1)
- July (6)
- June (1)
- May (2)
- April (1)
- March (3)
- February (2)
- January (1)
2011
- December (1)
- November (1)
- October (4)
- September (2)
- August (1)
- June (1)
- May (1)
- April (2)
- March (1)
- February (1)
- January (3)
2010
- November (1)
- October (2)
- September (6)
- August (8)
- June (5)
- May (1)
- April (4)
- March (4)
- February (5)
- January (4)
2009
- December (2)
- November (3)
- October (4)
- September (4)
- August (2)
- July (3)
- June (6)
- May (2)
- March (1)
- February (4)
2008
- November (2)
- October (1)
- August (1)
- July (1)
- June (2)
- May (2)
- April (2)
- February (2)
- January (1)
2007
- September (1)
- July (6)
- June (4)
2006
- November (3)
- October (1)
- June (2)
- May (2)
- April (2)
- March (1)
2005
- September (1)
- August (2)

Mastodon