(External Blog Post) XMPie, a Xerox Company, UStore Vulnerabilities Discovered

Recently during an External Penetration Test, a colleague of mine (Matthew Hier) and I came across some vulnerabilities on a commercial-of-the-shelf (COTS) eCommerce platform called XMPie uStore. The following blog post talks about what we discovered, our recommended remediation, and how we reached out to the Vendor and got ghosted Continue Reading

(External Blog Post) Web Application Weakness Trends

I am in a fortunate position where I conduct Web Application Penetration Tests quite often. I love it. I get to see all sorts of different types of applications, environments, web technologies, and I’m met with new challenges almost every assessment. It is fun getting creative, learning new attack methods, Continue Reading

(External Blog Post) Android Penetration Testing After Nougat

A while back I was assigned a mobile application penetration test. I was met with a unique challenge of testing an Android application, but found there to be challenges with Android accepting user supplied certificates (i.e. burp suite cert). Because of this, I couldn’t properly proxy the traffic from my Continue Reading