SensepostInterview

From Paul's Security Weekly
Jump to: navigation, search

Introduction

We are very excited to talk to some of the folks at Sensepost. In this interview we will be talking to:

  • Charl van der Walt - Director of Service Delivery
  • Haroon Meer - Technical Director
  • Marco Slaverio - Senior Security Analyst (and author of Squeeza)

Resources

Free Tools From Sensepost - Bidihblah, Squeeza, Wikto, and more!

More tools from Sensepost! - BILE is great!

"Its All About Timing" - Blackhat USA 2007 presentation - Don't forget to check out the associated Whitepaper, and the tool "Squeeza".

Penetration Tester's Open Source Toolkit

Question Outline

  • Could each of you introduce yourself and describe how you got into the information security field?
  • Who is Sensepost and what do you do?
  • You have an impressive array of tools and products available on your web site, lets talk about a few:
    • Bidiblah
    • Wikto
    • Aura
    • BILE
    • Others you want to mention aside from Squeeza?
  • Lets talk about Squeeza, which was released this summer at BH 2007. Explain the concept behind timing attacks and how it relates to web application hacking.
  • What is the most severe threat to web applications today (aside from your pen test team)?
  • What can organizations do to protect themselves and their web applications?
  • Most interesting story from a pen test that you can talk about?
  • What do you think of the most recent iPhone hacking work done by HD Moore and how would you incorporate that into your testing? Recommendations for defense?
  • If Marco and Jeremiah Grossman had a contest to see who could hack into the most web applications, who would win?