Westpoint at BSides Manchester 2015

A few weeks ago a number of Westpoint staff attended the excellent BSides Manchester conference. I gave a presentation on Low-level TLS hacking which was recorded and is now available on the BSides Manchester YouTube channel.


Understanding the Heartbleed Proof of Concept

Unless you've been on a desert island all week, you've probably heard about a major vulnerability in OpenSSL called Heartbleed (or, more prosaically, CVE-2014-0160). The issue has received a huge amount of coverage in the news, and for once was actually a serious enough issue to justify all the hype. This post breaks apart the proof of concept exploit to explain in detail how it works.


XML External Entities, Attack and Defence

XML is used widely in many different areas of computing. It's been wildly successful, especially compared to its more complex sibling SGML. Most people think of XML as just a bunch of tags and some text, which is normally a perfectly reasonable way to regard it. Unfortunately, when you're working with XML data that originates from an untrusted source, there are some gotchas waiting to bite you.


What Does Equality Mean?

Comparing two URLs for equality doesn't sound like a complicated problem, but there is actually more to it than you would expect. This post shows how this simple task can lead to some surprising behaviour.
