
The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

SchellmanLife

By: SABRAH WILKERSON
December 28th, 2022

American entrepreneur and co-founder of Apple Steve Jobs once said, “learn continually—there’s always ‘one more thing’ to learn!”


SOC Examinations

By: JORDAN HICKS
December 22nd, 2022

If you’ve ever skied before, you might know that anything can happen on a mountain. It might be your first time on the slopes or you might have traversed a certain run hundreds of times, but all it takes is a little loose powder, a wayward stick, or even another skier in your way to have you eating snow and nursing bruises.


Penetration Testing | SchellmanLife

By: Josh Tomkiel
December 21st, 2022

There’s a Latin proverb that says, “if the wind will not serve, take to the oars.” If you’ve ever hunted for a (new) job, you likely can relate. Of course, every workplace has its idiosyncrasies, but you need to find the “wind” that serves you best.


Federal Assessments

By: Jon Coffelt
December 20th, 2022

When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the world?


Privacy Assessments

By: Chris Lippert
December 15th, 2022

You’ve probably heard the classic idiom about “keeping up with the Joneses.” According to Merriam-Webster, it means “to show that one is as good as other people by getting what they have and doing what they do.” Generally, that has meant people buying expensive cars or other things they can’t afford in order to maintain the same pace as their peers.


Cybersecurity Assessments | Penetration Testing

By: Loic Duros
December 14th, 2022

Once again, we need to talk about Burp. At Schellman, we’ve talked about this tool before—on our penetration testing team, we use it a lot and it serves us well, including in our work with mobile applications. But that doesn’t mean there still aren’t situations where extra effort is required in order to get the job done. Our fellow pen testers all know that things evolve so quickly in our field that sometimes we must improvise a new technique to properly solve the problems we run into.

Stop me if you’ve heard this one before, but one such issue that we are seeing crop up more and more during mobile penetration tests has to do with intercepting traffic from an application. Each time we watch some of that traffic escape our data flow, we’ve found the instance difficult and puzzling, because it’s not a static problem—when it comes to intercepting traffic from mobile applications, the issues can range from common to complex.

One of the trickier ones to troubleshoot as a tester is when you can see most of the general web traffic from the mobile device being tested as it goes to Burp, but none, or very little, of the traffic from the actual mobile app under test follows. When that happens, you probably also note that there are no TLS errors for the domain in scope in the Event log on the Burp dashboard, and that, at the same time, the app seems to be working well, performing requests and receiving data as expected—there’s no other problem, it’s just that some of that traffic has decided to shoot off to the Great Unknown rather than where you know it should be.

Does that sound familiar? If you’ve been frustrated by this same problem before, welcome to the club. This article will seek to understand why this occurs in the first place before laying out a potential solution we worked up to curb any traffic trying to escape your proxy. Read on, and next time said traffic tries to get away from you, you’ll be ready.


Payment Card Assessments

By: Sully Perella
December 14th, 2022

In the classic film Twister, Bill Paxton and Helen Hunt are faced with life or death at the very end. As an F5 tornado bears down on them, they use leather belts to anchor themselves to the ground, keeping themselves from getting swallowed up in the maelstrom.


ISO Certifications | Internal Audits

By: Phelim Thach
December 13th, 2022

When it comes to ISO 27001, implementing a holistic information security management system (ISMS) in order to meet the standard is difficult—particularly where the internal audit requirement is concerned. As an experienced ISO Certification Body, we consistently hear feedback that the internal audit function is a particularly tricky part of the ISO 27001 standard.
