// BLOG

LFI? RFI? NFI?

This post is intended to give an overview of the common methods of exploiting file inclusion vulnerabilities. Both remote and local file inclusion topics will be covered. What is File Inclusion? Let's look at the following code: [crayon-5de979b88a6bc104210149/] This...

read more

Canberra OWASP 2014 Chapter meetings

Well folks, its been a while since we've had an OWASP meeting and this time we're planning something a little different. Rather than have very interesting folks talk to you, we're going to roll our sleeves up and get with breaking web apps. The next few chapter...

read more

What do you do about a problem like Java?

The recent deluge of Java vulnerabilities that have been released (some patched and some exploited in the wild) has given rise to a chorus of ditching Java. I recall a similar village riot when Flash was the subject of a string of vulnerabilities. The main arguments...

read more

Pastebin as an intelligence tool

Pastebin and its many clones have been around since 2002. During the 11 years of their evolution, we have observed the change from its original purpose of sharing of code snippets to an anonymous dead drop for hackers. The latest one being a "hacker" disclosing SQLi...

read more

The right DNS stuff

Anyone that has undertaken Internet based reconnaissance for a red teaming engagement knows how handy web based network tools are for profiling a target without being easily traceable. Years ago I used DNSstuff.com but as their server loads increased they decided to...

read more

Ionize is CREST certified

Ionize is now certified by the Australian Council of Registered Ethical Security Testers (CREST). This certification gives our clients assurance that our security testing practice is run professionally and ethically by highly skilled and experienced security testers....

read more

February OWASP meeting

Once again we're organising a killer OWASP chapter meeting for Canberra in collaboration with SANS. We've got the Scott MacLeod (CTO of AFP) and Nick Klein (digital forensics pro) speaking about building strong technical teams and computer forensics respectively. The...

read more

July OWASP chapter meetings

We had an excellent meeting on the 4th July with our guest speaker, Justin Smith, giving a developer's view of managing website security. He touched on the importance of releasing functional software versus secure software, the evolution of DevOps to bring dev teams...

read more

OWASP Canberra chapter meeting

Canberra's first OWASP meeting went very well tonight. We had a turn out of some 20-odd folks from all professional persuasions. Our guest speaker, Tim Scully, presented a very pragmatic view of the poor state of cyber security and strategies for improvement. Tim...

read more

Want to find out more?

CONTACT

Open: Mon-Fri 9am - 5pm
Phone: (02) 6162 1783
Email: info@ionize.com.au
Address: Suite 5, 16 National Circuit
BARTON ACT 2600

ABOUT

Ionize was established in 2008, and has been servicing clients both within Australia and overseas ever since. Our focus is on providing honest advice to our clients, maintaining the integrity of our work, while building and giving back to the information security community.