Mad Irish . net

Utilizing Client Side x509 Cryptographic Certificates
Establish bi-directional trust using x509 cryptographic certificates on a client to allow for mutual authentication.

AES Encryption with Java
This article provides a short tutorial on using initialization vectors properly when using AES encryption within the Java cryptographic library. Code examples show the importance of a random, distinct initialization vector and how to perform encryption and decryption of data using the initialization vector.

Adding Depth to WebApp Defense
Web application defense often begins with patching vulnerabilities like SQL injection and cross-site scripting in the source code. Often, however, administrators are responsible for deploying and maintaining applications with unknown source code quality and may not be able to audit or fix the source code. In situations like this, administrators should assume that applications contain vulnerabilities and apply additional defensive measures to ensure that application compromises are contained.

iThoughts Multiple Vulnerabilities
The iThoughts iOS application for iPhone and iPad contains numerous vulnerabilities.

Writing Buffer Overflows
It has been a long time since a relevant buffer overflow tutorial was written. While the classics still serve as wonderful guides, I thought it might be time to put together an up-to-date tutorial that incorporated many of the techniques of other tutorials along with a few things I've learned on my own.

Dear Security Team: You Suck!
Computer security isn't voodoo, it's part of computer science. The cornerstone of the scientific process is a repeatable experiment with verifiable results. Security should adopt this approach. First, measure the environment and establish goals. Next, test for cases where you can address issues to meet goals. Develop a process for systematically addressing a priority and a separate way to measure progress. Establish a periodic review so that you can evaluate your success (or lack thereof). If you can do this then you're well on your way to establishing a mature, respected security organization that can demonstrably add value to any organization.