White Oak Founder/CEO Interview
Christopher Emerson was interviewed at this year’s Cyber Security Summit (2019) about the organization and our unique approach to deep-dive penetration testing:
Author: Christopher Emerson
Systematic Threat Evaluation Methodology – S.T.E.M.
I LOVE security testing. There, I said it. Penetration Testing, Red Teaming, Threat Emulation… I LOVE it all. Looking at a system, learning about the individual components, understanding how they were […]
Building An Application Security Program: Part 2
Read Part 1 here.. Last time we talked about how you would start an application security program and I want to try to move into a discussion around how you […]
Building An Application Security Program
Our CEO and founder, Christopher Emerson, is regularly asked to provide his expertise, opinion, and insight on a variety of cybersecurity topics. Often our clients, industry contacts, or community request […]
CBSSports.com Vunerabilities
I want to start by thanking the folks at CBS Interactive andCBS Corporation for working so diligently with me on remediating the issues Idiscovered, and for responsibly disclosing these issues. […]
CBSSports.com Horizontal Access Control Bypass (Trades & Add/Drop)
Summary=========The CBSSports.com fantasy sports sites do not properlyenforce access control between user accounts at the same privilege level withinthe application. This behavior could be leveraged by an attacker to send […]
CBSSports.com Cross-Site Request Forgery
Summary=========The CBSSports.com fantasy sports sites do not prevent unauthorized execution of sensitive operations initiated outside the authorized application workflow. This behavior could beleveraged by an attacker through a Cross-Site Request Forgery […]
CBSSports.com Horizontal Access Control Bypass (Scoreboard Chat)
Summary=========The CBSSports.com fantasy sports sites did not properly enforce access control between user accounts at the same privilege level within the application. This behavior could be leveraged by an attacker […]
CBSSports.com Horizontal Access Control Bypass (Trading Block)
Summary=========The CBSSports.com fantasy sports sites did not properly enforce access control between user accounts at the same privilege level within the application. This behavior could be leveraged by an attacker […]
UFC on Xbox LIVE for Android – Cleartext Storage of Sensitive Information
Summary=======The UFC on Xbox LIVE application for Android (version 1.0) stores sensitive information in cleartext within the SQLite database. CVE number: Not AssignedImpact: MediumVendor homepage: http://www.microsoft.com/Vendor notified: 12/13/2012Vendor fixed: N/A – […]