Malerisch.net - Homepage
08/06/2009 - Speakers have been announced for the OWASP NZ Day 2009 conference! Also, more than one hundred registered people are attending! Great result! ;-) speakers and talks
07/06/2009 - Just came back from Europe, London, after presenting at EUSecWest about "Exploiting Firefox Extensions" with Nick Freeman. It was a really cool conference with very good topics. Our presentation slides are online. download
05/03/2009 - We are organising the first all-day security conference entirely dedicated to web application security in New Zealand: OWASP New Zealand Day 2009, Auckland, 13th July 2009. Don't miss it!
05/03/2009 - OWASP Testing Guide v3.0 has recently been published. I partially contributed to it. For those interested, it is also available as a printed book from Lulu. more
08/12/2008 - Google Analytics is vulnerable to Stored Cross Site Scripting. A malicious user is able to inject arbitrary browser content through web sites subscribed to the Google Analytics service. more
25/11/2008 - search engine de-optimisation tool update. more download
22/10/2008 - The Opera browser is vulnerable to stored Cross Site Scripting. A malicious attacker is able to inject arbitrary browser content through the websites visited with Opera. more
28/09/2008 - search engine de-optimisation tool released. more download
12/09/2008 - I will also be speaking at Ruxcon about negative SEO. Don't miss this talk if you can't make it to Kiwicon! ;-)
07/09/2008 - I have done some research in the area of browser security and presented this argument at the last OWASP NZ meeting. The presentation can be downloaded from the OWASP web site or from here.
01/09/2008 - I will be speaking at Kiwicon about negative SEO. Don't miss this talk if you love playing with search engines ;-)
28/05/2008 - This presentation was given at the "Hack In The Bush" internal training; it is an analysis of one of the latest Russian web-based botnet packages. download
30/04/2008 - The last OWASP NZ meeting was great and we talked about Flash exploits and web spam techniques. I thought I could make an article out of it and it is available here. The web spam techniques presentation can be downloaded from the OWASP web site or from here.
29/04/2008 - SugarCRM Community Edition is vulnerable to local file contents disclosure. This vulnerability can be exploited by a malicious user to disclose potentially sensitive information. more
27/04/2008 - Using IE? Then be aware of txt files. In fact, IE treats txt files as HTML. Consequently it is possible to have JavaScript executed by IE for text files. more
08/04/2008 - I am currently researching this topic. Here is an interview I had with Risky Business (IT Security Podcast) about it. For more information, there is also an article on ZDNet Asia.
28/02/2008 - In the last OWASP NZ meeting (21st February), we talked about XPath and we covered some XPath Injection techniques. The presentation can be downloaded from the OWASP web site or from here.