RSnake opens company

RSnake announced the opening of his company “SecTheory” yesterday. It has been fascinating to see just how far his blog and a few others have pushed the XSS route. I am not surprised to see him making this move to open a company, although I would have thought a consulting, contracting move may have been better. His company site looks simple… but not bad.

I was surprised to see RSnake offering a wide range of services including Physical Security reviews… I would have thought he would have focused solely on the web application arena, hmm.

I do like his search engine optimisation (note the correct spelling) services; that's quite a unique service for a security vendor. I certainly think the way forward in this industry for startups is specialisation. The general security industry is mature, chunky and fat, not much room for newbies :)

3 Comments so far

  1. Zeroknock @ March 27th, 2007

    Well, it's good!
    But The Sec Theory was severely vulnerable to Double Trap XSS Injections. The vulnerability has already been reported to him. It has been patched.

    The full analysis of the attack has been designed,
    You can look into the desired issue here

    http://zeroknock.blogspot.com/2007/03/double-trap-xss-injection-analysis.html
    http://zeroknock.metaeye.org/analysis/dbltrap.xhtml
    http://ha.ckers.org/blog/20070316/forgetting-global-replace-xss-woes/

  2. david.kierznowski @ March 27th, 2007

    ouch - good start :)

  3. Zeroknock @ March 27th, 2007

    Well, it has previously defined clearly that there is no talk about double trapping.

    There it is, I mean No Cheat Sheet.
