Archive for June, 2012

Two New Security Articles for Yahoo!

June 20th, 2012

I’ve written and published two new security articles as part of the Yahoo! Contributor Network. The first is about reducing your digital footprint, which is something I’ve been interested in for a while now. If you aren’t careful, a lot of information about yourself can be found online. Some of it might be true, some of it might be false, but most of it you probably don’t want lingering in search engine results. My article will tell you how to best map your digital footprint, and then how to go about reducing it.

The second article is on the top 5 online password managers, something every sensible person on the Internet should have. With so many different websites, you can either have the same password (highly insecure) or generate a unique password for each. Online password managers mean you don’t have to remember all your passwords, though as I’ve pointed out before, you can generate highly secure and easy-to-remember passphrases for the most secure sites you visit.

New Job

June 15th, 2012

I’ve been pretty absent from both blogging and tweeting recently as I left my job as a Security Researcher to do penetration testing for Convergent Network Solutions. This involved moving from Reading to London, which was great since I’ve always wanted to live there. Other than starting what I hope will be a long career as a Penetration Tester, I’ve also been working on my MSc, where I am developing a web application fuzz tester.

Of course, there are already a lot of fuzz testers out there, especially for web apps, so mine will be “special” in a number of ways. Firstly, it will be a command-line tool so that users can run it from machines without a display manager (always useful). Secondly, it will use an XML-based “scripting” language that I have developed, which will allow people not familiar with programming (QA teams for instance) to easily write tests in a structured way that they can understand. Finally, it will support multiple fuzzing methods including a simple list of values, incrementing numbers, and completely random data.

I hope to open source it at the end of development, and of course I’ll make any such announcements on this blog.