Cybersecurity Assessments | Penetration Testing
By:
Loic Duros
December 14th, 2022
Once again, we need to talk about Burp. At Schellman, we’ve talked about this tool before—on our penetration testing team, we use it a lot and it serves us well, including in our work with mobile applications. But that doesn’t mean there aren’t still situations where extra effort is required in order to get the job done. Our fellow pen testers all know that things evolve so quickly in our field that sometimes we must improvise a new technique to properly solve the problems we run into.

Stop me if you’ve heard this one before, but one such issue that we are seeing crop up more and more during mobile penetration tests has to do with intercepting traffic from an application. Each time we watch some of that traffic escape our data flow, we’ve found the instance difficult and puzzling, because it’s not a static problem: when it comes to intercepting traffic from mobile applications, the issues can range from common to complex.

One of the trickier ones to troubleshoot as a tester is when you can see most of the general web traffic from the mobile device under test reaching Burp, but none, or very little, of the traffic from the actual mobile app under test follows. When that happens, you will probably also note that there are no TLS errors for the domain in scope in the Event log on the Burp dashboard, and that, at the same time, the app seems to be working well, performing requests and receiving data as expected. There’s no other problem; it’s just that some of that traffic has decided to shoot off to the Great Unknown rather than where you know it should be.

Does that sound familiar? If you’ve been frustrated by this same problem before, welcome to the club. This article will first seek to understand why this occurs in the first place, and then lay out a potential solution we worked up to curb any traffic trying to escape your proxy. Read on, and next time said traffic tries to get away from you, you’ll be ready.
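The symptom described above (the app keeps working, Burp logs no TLS errors for the in-scope domain, yet the app’s requests never show up) tells you that those connections are not reaching Burp’s listener at all, whatever the underlying cause. As an added triage step that is not part of the original post, one quick way to confirm which connections are leaving the device directly is to list the device’s established TCP sessions and flag every peer that is not the proxy. The script below assumes Burp listens on 192.168.1.10:8080 and that you can pull `ss -tnp`-style output from the device; the sample output and the package name com.example.target are constructed placeholders, not data from the article.

```python
"""Flag device connections that bypass the intercepting proxy.

Added example, not code from the original post. Assumes Burp listens on
PROXY and that the input is `ss -tnp`-style output captured from the
device under test. SAMPLE_SS_OUTPUT is constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed Burp listener address (not from the page).
PROXY = ("192.168.1.10", 8080)

# Constructed sample: one browser session via the proxy, one app session via
# the proxy, two app sessions going straight to port 443, one push channel.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
ESTAB  0      0      10.0.0.12:41234     192.168.1.10:8080   users:(("com.android.chrome",pid=2210,fd=77))
ESTAB  0      0      10.0.0.12:41240     93.184.216.34:443   users:(("com.example.target",pid=3121,fd=91))
ESTAB  0      0      10.0.0.12:41241     192.168.1.10:8080   users:(("com.example.target",pid=3121,fd=93))
ESTAB  0      0      10.0.0.12:41250     203.0.113.9:5228    users:(("com.google.android.gms",pid=1802,fd=40))
ESTAB  0      0      10.0.0.12:41260     198.51.100.77:443   users:(("com.example.target",pid=3121,fd=95))
"""

# Extracts the process name and pid from the `users:((...))` column.
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Conn:
    peer_host: str
    peer_port: int
    process: str
    pid: int


def parse_ss(text: str) -> list[Conn]:
    """Parse established sessions out of `ss -tnp` output."""
    conns: list[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        # Header lines and non-established states are ignored.
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue
        peer = parts[4]
        # rpartition on the last ':' keeps IPv6 peers like [2001:db8::1]:443 intact.
        host, _, port = peer.rpartition(":")
        host = host.strip("[]")
        m = PROC_RE.search(line)
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        conns.append(Conn(host, int(port), proc, pid))
    return conns


def bypassing(conns: list[Conn], proxy=PROXY, package: str | None = None) -> list[Conn]:
    """Return sessions whose peer is not the proxy, i.e. traffic Burp never sees.

    Pass the app's package name to ignore other processes; push services and
    other non-HTTP channels legitimately bypass an HTTP proxy.
    """
    return [
        c for c in conns
        if (c.peer_host, c.peer_port) != proxy
        and (package is None or c.process == package)
    ]


def report(text: str, package: str) -> list[str]:
    """Human-readable lines for each escaping session of the given package."""
    return [
        f"{c.process}[{c.pid}] -> {c.peer_host}:{c.peer_port} (not via proxy)"
        for c in bypassing(parse_ss(text), package=package)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_SS_OUTPUT, "com.example.target"):
        print(line)
```

Run it against real output (for example `adb shell ss -tnp` on a rooted Android device) and compare the flagged peers with the hosts you expect to see in Burp; a direct connection to port 443 from the app’s pid while the proxy listener is configured is exactly the traffic that “escapes.” Note that this check only applies when interception relies on the device’s proxy setting; under a transparent or VPN-based redirection every peer looks direct, so the comparison is meaningless there.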
By:
Sully Perella
December 14th, 2022
In the classic film Twister, Bill Paxton and Helen Hunt are faced with life or death at the very end. As an F5 tornado bears down on them, they use leather belts to anchor themselves to the ground, keeping themselves from getting swallowed up in the maelstrom.
ISO Certifications | Internal Audits
By:
Phelim Thach
December 13th, 2022
When it comes to ISO 27001, implementing a holistic information security management system (ISMS) in order to meet the standard is difficult—particularly where the internal audit requirement is concerned. As an experienced ISO Certification Body, we consistently hear feedback that the internal audit function is a particularly tricky part of the ISO 27001 standard.
By:
Schellman
December 8th, 2022
The debate between working for bigger companies or smaller companies is a big topic for a lot of college graduates entering the workforce—I’d know, I was recently one of them. Everyone has their opinion of which way is best before they take the job, and those may or may not change after everyone has spent some time being employed.
By:
Schellman
December 7th, 2022
You’ve heard of the Bermuda Triangle, right? It’s that mysterious region in the North Atlantic Ocean where it’s said that more than 50 ships and 20 airplanes have disappeared without a trace. Fascinating and discomforting as that may be, the real trouble with the Triangle is that its boundaries are only loosely defined, which no doubt leads to uncertain pilots steering into a bad situation.
Penetration Testing | SchellmanLife
By:
Josh Tomkiel
December 6th, 2022
When you’re applying for a new job, you have your reasons—whether it’s to find a new challenge or to escape a toxic workplace, you want to trust that somewhere else will be better for you and your career. But when you’re sending off applications, it’s hard to know what you might be getting yourself into—most times, you won’t know until you’ve signed your new employment contract and are in a new set of weeds.
Healthcare Assessments | HIPAA Express
By:
Doug Kanney
December 1st, 2022
If you’ve ever tried to learn another language, you know that it’s incredibly difficult to just jump in—self-instruction can be difficult, disorganized, and overwhelming. It’s helpful, when setting off on this ambitious endeavor, to engage with a helpful tool that features a more structured approach with instruction on specific concepts. Let’s face it—if there’s something out there that can simplify complex ideas, it just makes sense to take advantage of it.
By:
Ryan Mackie
November 30th, 2022
Ever moved somewhere new? It’s a big life change, and of course, it’s important you pack all your belongings and get them moved to your new spot. But it’s not just your stuff that you need to account for—you’ll also be looking for a new local doctor to trust with your medical history, a new mechanic to trust with your car, etc.