What follows are some of my favorite training opportunities, news bits, tools/scripts and humorous stories to send you into the weekend with!


  • The recording from the BHIS Webinar on Web App Security Training is now up on YouTube.

General News


  • Sandstorm.io looks to be a pretty cool way to create your own private cloud (the app collection looks decent as well).

  • Here’s a ghetto XSS cheatsheet containing "…XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air."


  • When Google security reacher Tavis Ormandy sets his sights on something boy oh boy do people get passionate!

  • I’m thinking of changing Friday’s episode into a newsletter distribution instead. That way I can free up a bit more time to work on tech how-tos and VulnHub walkthroughs that have both audio and video options.

Written by: Brian Johnson

Share on socials: