The nVisium Blog

Introducing SpyDir

Published on January 18, 2017 by Ryan Reid

In this post, I'll discuss a Burp Suite extension I've recently developed and published to my GitHub. The extension provides a mechanism to enumerate endpoints within a web application via a local source code repository. Finally, it does this in an extensible manner.

Read more...

nVisium, Now an Amazon Consulting Partner

Published on December 20, 2016 by Ken Johnson

Our customers have always played a part in shaping our service offerings. Over the past several years, we have seen increasing demand from our customers for assistance in securing Amazon Web Services (AWS) environments. So at their request, we performed reviews of their controls, configuration of their services, etc. Essentially, we conducted AWS security assessments. We were able to do this work because we could "eat our own dog food," so to speak. We utilized AWS, so it made sense to go through the process of creating a secure framework for building on and completing various AWS trainings.

Read more...

re:Invent Recap

Published on December 8, 2016 by AWS Consulting Team

Last week our AWS consulting team attended AWS re:Invent. We thought we would recap some of the things we found exciting about the event.

Before we get into specifics, let us first summarize what really impressed us about the security tracks at re:Invent. Security teams utilized DevOps and Cloud-centric technologies to benefit themselves as well as their organizations. They did so in some really cool ways.

Read more...

Don't Touch Me That Way

Published on June 22, 2016 by David Lindner

Apple first released its iPhone in 2007, and over the past 9 years we have seen both the hardware and software evolve into what we now know as the iPhone 6s (e, plus) series of devices. These iPhones tout faster processing speeds, tons of data storage, and the ability to determine your blood alcohol level or your baby’s due date.

In 2013, with the release of the iPhone 5s, Apple introduced the capability to “authenticate” to the device via the “TouchID,” their fancy term for a fingerprint reader. With this major release, Apple decided to withhold access to TouchID functionality from any apps that were not Apple branded. This, however, all changed with the release of iOS 8 and the iPhone 6. Now developers could utilize TouchID to make authenticating to their applications much more convenient.

Read more...

Secure Password Strings in Java and C#

Published on March 31, 2016 by David Coursey

For the second time in a few months I had a conversation with friends on this Fortify finding - Privacy Violation: Heap Inspection.

The description reads:

"Sensitive data (such as passwords, social security numbers, credit card numbers, etc.) stored in memory can be leaked if it is stored in a managed String object."

The threat here is that the string data will remain in memory long enough to be retrieved by an attacker. This is exactly why Heartbleed (TM) was such a big problem--strings in memory could be accessed long after they were no longer being used. If you ran it a bunch of times and were lucky, the exploit would give you passwords or private keys.

Read more...

Exploring SSTI in Flask/Jinja2, Part II

Published on March 11, 2016 by Tim Tomes

I recently wrote this article about exploring the true impact of Server-Side Template Injection (SSTI) in applications leveraging the Flask/Jinja2 development stack. My initial goal was to find a path to file or operating system access. I was previously unable to do so, but thanks to some feedback on the initial article, I have since been able to achieve my goal. This article is the result of the additional research.

Read more...