Tyler Shields is a Senior Researcher for the Veracode Research Lab whose responsibilities include understanding and examining interesting and relevant security and attack methods for integration into the Veracode product offerings. He also keeps track of new developments from other computer science and information security researchers to ensure that Veracode technologies are always kept in line with the most recent security advancements.
- Identifying the Mobile Security StackMarch 24, 2011
Increasing smartphone adoption rates coupled with the rapid growth in smartphone application counts have created a scenario where private and sensitive information is being pushed to the new device perimeter at an alarming rate. The smartphone mobile device is quickly becoming ubiquitous. It is not inconceivable to predict, in the near future, a world where smartphone and mobile device Internet… READ MORE ›
Stay up to date on Application Security
- The Mobius Defense – An Impetus for Application SecurityJune 30, 2009
The “Mobius Defense” is a somewhat novel defense model proposed by Pete Herzog, founder of ISECOM and lead author of the Open Source Security Testing Methodology Manual (OSSTMM). Before continuing to read the following post I suggest you take a few minutes and breeze through the slide deck linked here. It’s an easy and interesting read so get to it… Mr. Herzog suggests in this presentation that… READ MORE ›
- Anti-Debugging Series - Part IVFebruary 27, 2009
In this final part of the anti-debugging series we're going to discuss process and thread block based anti-debugging. Processes and threads must be maintained and tracked by the operating system. In user space, information about the processes and threads are held in memory in structures known as the process information block (PIB), process environment block (PEB) and the thread information block… READ MORE ›
- Anti-Debugging Series - Part IIIJanuary 7, 2009
It's time for part three in the Anti-Debugging Series. With this post we will stay in the realm of "API based" anti-debugging techniques but go a bit deeper into some techniques that are more complex and significantly more interesting. Today we will analyze one method of detecting an attached debugger, and a second method that can be used to detach a debugger from our running process. Advanced… READ MORE ›
- Anti-Debugging Series - Part IIDecember 30, 2008
Welcome back to the series on anti-debugging. Hopefully you have your debugger and development environment handy as we are about to dive into the first round of anti-debugging code. In the first post to this series we discussed six different types of anti-debugging techniques that are in common use today. To refresh, the classifications buckets that we chose to use are: API Based Anti-Debugging… READ MORE ›
- Anti-Debugging Series - Part IDecember 2, 2008
For those that don't know, anti-debugging is the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target process. Typically this is achieved by detecting minute differences in memory, operating system, process information, latency, etc. that occur when a process is started in or attached to by a debugger compared to when it… READ MORE ›
- Partial Disclosure - The Good, Bad, and UglyOctober 21, 2008
There is apparently a bit of fear going around information security circles that the next big trend in the disclosure wars is going to be "Partial Disclosure". In the past, the vulnerability research community has embraced the concepts of "Full Disclosure" and/or "Non-Disclosure". Once those concepts had been sufficiently played out, the general consensus was to move towards "Responsible… READ MORE ›
Application Security Tool Kit
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
No thanks, back to the article please.