Projects

Podcasts

The following is a list of podcasts that I host or co-host.

DevelopSec

The DevelopSec podcast is dedicated to sharing security information that is key to everyone involved in application development. The target audience is developers, QA teams, business analysts, application owners, architects and even end users. (http://developsec.libsyn.com)

Down the Security Rabbithole

Down the Security Rabbithole is a podcast dedicated to enterprise security created by Rafal Los (wh1t3rabbit). The weekly production consists of alternating weeks of weekly news and interviews with professionals in the industry. (http://podcast.wh1t3rabbit.net)

Open Source Tools

The following is a list of tools that I have worked on.

Web Config Security Analyzer

The Web Config Security Analyzer is a simple tool used to help developers quickly assess their web.config file for common security misconfigurations. The project is open source and hosted at SourceForge (http://sourceforge.net/projects/wcsa/)

EventValMod

EventValMod is an event validation modification tool that is used to create valid hashes to attack the event validation feature of .NET. The tool is for demonstration purposes to teach developers why it is important to protect the Event Validation feature. The project is open source and hosted at SourceForge (http://sourceforge.net/projects/eventvalmod/)

Laudanum

Laudanum is a collection of scripts used during a penetration test. I have helped contribute many of the ASP.NET scripts that are part of this collection. The project is open source and more information can be found on the Professionally Evil site (http://laudanum.professionallyevil.com/)

SPScan

SPScan is a tool to enumerate Microsoft SharePoint installations, looking for installed web parts and possible known vulnerabilities. The project is open source and more information can be found here: (http://sourceforge.net/projects/spscan/)