SensepostInterview
From PaulDotCom Security Weekly
Introduction
We are very excited to talk to some of the folks at Sensepost. In this interview we will be talking to:
- Charl van der Walt - Director of Service Delivery
- Haroon Meer - Technical Director
- Marco Slaviero - Senior Security Analyst (and author of Squeeza)
Resources
Free Tools From Sensepost - Bidiblah, Squeeza, Wikto, and more!
More tools from Sensepost! - BILE is great!
"Its All About Timing" - Blackhat USA 2007 presentation - Don't forget to check out the associated Whitepaper, and the tool "Squeeza".
Penetration Tester's Open Source Toolkit
Question Outline
- Could each of you introduce yourself and describe how you got into the information security field?
- Who is Sensepost and what do you do?
- You have an impressive array of tools and products available on your web site, let's talk about a few:
  - Bidiblah
  - Wikto
  - Aura
  - BILE
  - Others you want to mention aside from Squeeza?
- Let's talk about Squeeza, which was released this summer at BH 2007. Explain the concept behind timing attacks and how it relates to web application hacking.
- What is the most severe threat to web applications today (aside from your pen test team)?
- What can organizations do to protect themselves and their web applications?
- Most interesting story from a pen test that you can talk about?
- What do you think of the most recent iPhone hacking work done by HD Moore and how would you incorporate that into your testing? Recommendations for defense?
- If Marco and Jeremiah Grossman had a contest to see who could hack into the most web applications, who would win?
