Posts

Showing posts from September, 2012

Has Adobe Gotten its Mojo Back?

Has Adobe Gotten its Mojo Back? : For the past several months a creeping sense of ambivalence between myself and my relationship with Adobe had been rattling through my consciousness like a song I couldn’t get out of my head. As a web guy I couldn’t shake the sense that Adobe was spending an inordinate amount of time telling the universe how great things were with DPS and mobile with very little chatter over on the web side of the fence. In short, I detected a disconnect between Adobe’s claim to love web development and its “practice” of pushing DPS at the industry. With all of the cool web technologies that were cascading down on us I just couldn’t understand why Adobe was so slow in reacting to an industry that was in hyperdrive when it came to “change”. It was almost as if, since its Flash announcement last year, that the company had somehow lost its mojo. The only real connection I was feeling with Adobe was the Animate team. Then, for over a year, the Adobe Animate team t...

A Guide to Making Your Business Video SEO Friendly

A Guide to Making Your Business Video SEO Friendly : Creating online videos can be an excellent way to promote your business and increase brand awareness and trust. But how can you ensure that the right audiences will find your video? Many video marketers think posting videos to YouTube is the only step they have to take for their videos to start circulating. But in the vast sea of the Web, simply uploading videos isn’t enough—consider the fact that only 50 percent of YouTube videos get 100 or more views. To make sure your videos are getting the reach they deserve, the key is to optimize your videos for search engines. Because sites like Google can’t “read” a video, it’s important to focus on providing keywords and utilizing other strategies to pull your business videos into search results. Below are a few strategies you can employ to make your video SEO-friendly: 1. Content is King If your video doesn’t contain compelling content, it will have a short lifespa...

OWASP Membership Deadline

OWASP Membership Deadline : Hello all, I would like to remind everyone ONE LAST TIME of the September 30, 2012 membership deadline for eligibility to vote in the OWASP election. The members of the committee are not paid marketing people, or paid by OWASP for our efforts; we are all volunteers, just like you. We pay membership because we want to support our local chapter, OWASP projects, and other efforts to raise awareness of critical software security issues. OWASP needs your donation to continue to provide vendor neutral services and to continue to develop quality tools and documentation in our open source community. For less than $1/week, you can support your local chapter and vote in the Global OWASP Election. Become a member Today! https://www.owasp.org/index.php/Newmembership If you are already a paid member, then please accept our sincere thank you for your continued support. Honorary members can also vote in the election. If you would like to apply for...

Using Mobile Applications for attacking Web Applications

Using Mobile Applications for attacking Web Applications : This simple blog post was motivated by my desire to look at some mobile applications that I happen to use. I did not choose a specific methodology for testing mobile applications. What I did was to use some of my knowledge in testing web applications in general. To my pleasant surprise I got results that made me happy, or not. 01 - Catalog Application. Starting my tests, on the first application I noticed the web server authentication credentials are simply sent in plain text using a POST method. Most of these mobile applications are just simple frontends for web services. This behavior has been confirmed in all tested applications. Some examples. 02 - Auction Application. Let's start intercepting the requests of the mobile application and doing a simple SQL Injection test: In this specific case it was possible to notice that the application consumed by Mobile Application is vulnerable to SQL ...

W3C Unveils Plan to Finish HTML5 in 2014

W3C Unveils Plan to Finish HTML5 in 2014 : Image: Screenshot/Webmonkey. Like the Cylons, HTML5 was created by man. It rebelled. It evolved. It looks and feels like HTML. And now, it has a plan. Namely, to be done in 2014. The W3C has formalized its plan to move the HTML5 spec to the official “Candidate Recommendation” status by the end of 2014. That might seem like a long time from now, especially if, like most of us, you’ve been using the bulk of HTML5 for some time, but 2014 is quite a bit better than the 2022 date that used to be tossed around. But there’s a catch. In order to get HTML5 to the Candidate Recommendation stage on time the W3C is going to move some less stable parts of the spec to the newly designated HTML 5.1. HTML5 has already been “modularized” over the years, spinning off sections like Web Workers, WebSockets, Microdata and half a dozen others, which are all now separate specifications at the W3C. Now the W3C plans to split the remaining chunk of HTM...

CVSS for Penetration Test Results (Part II: Attack Sequences)

CVSS for Penetration Test Results (Part II: Attack Sequences) : CVSS needs to be extended to accommodate combinations of vulnerabilities. The current documentation explicitly states: "Vulnerability scoring should not take into account any interaction with other vulnerabilities." But interaction among vulnerabilities is crucial for understanding the implication of particular vulnerabilities existing in an organization's environment. Without rehashing Part I of this post, here's a simple, but real-world example. The use of Telnet receives a CVSS score of X, and a network's vulnerability to ARP cache poisoning receives a CVSS score of Y. The risk of these vulnerabilities occurring together should be significantly higher than the risk of these vulnerabilities occurring independently. A network where these two vulnerabilities are present is equivalent to a network where unencrypted usernames and passwords are broadcast to every node on the networ...

Facebook Advertising / Marketing: Best Metrics, ROI, Business Value

Facebook Advertising / Marketing: Best Metrics, ROI, Business Value : Facebook has an incredible audience, 950 million strong and counting. This audience is immensely attractive to Brands and Marketers around the world. We've seen explosive growth in brand pages, types of advertising and other fun ways to monetize this audience. Increased investment in Facebook as an engagement/acquisition channel has translated into requests from CEOs, CMOs and other CxOs about the return on that investment. As Facebook is a very young channel, it is not surprising that everyone's struggling with the answer. This point was vividly illustrated at a session I attended at a major industry conference. A Facebook employee (FBe) gave a talk about measuring ROI/Value of Facebook campaigns. FBe's recommendation was (paraphrasing a 35 min talk): Don't invent new metrics, use online versions of Reach and GRPs to measure success. The value of Facebook in "spreading word of mouth,...