The tinfoil gem
I attended BSides Vancouver last week (great job everyone!) and Mark Curphey gave a good talk (Modern Software is Like Lego & WTF Don’t People Use Secure Headers?) containing a statistic on how few websites use secure headers. His company even built a Web-based tool to find which websites send secure headers. I love this idea, but I found it lacking in one area: testing sites that are not publicly addressable on the Web. There are many more internal websites that could be sniffed or exploited inside company networks. So I went about writing a tool called tinfoil that allows anyone to check servers within their own network. ...
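To show what such a check looks like in practice, here is an added example (my own illustration, not the tinfoil gem's code): it fetches a URL on your own network with a HEAD request and reports which of a small, assumed list of security headers are present or missing. The header list and the sample response are assumptions for the example, not the gem's own.

```ruby
require 'net/http'
require 'uri'

# Response headers whose presence we check for. This list is an assumption
# for the example; it is not the gem's own header list.
SECURE_HEADERS = %w[
  strict-transport-security
  x-frame-options
  x-content-type-options
  x-xss-protection
  content-security-policy
].freeze

# Take a Hash of response headers (names in any case) and report which of the
# expected secure headers are present and which are missing.
def audit_headers(headers)
  present = headers.keys.map { |k| k.to_s.downcase }
  found, missing = SECURE_HEADERS.partition { |h| present.include?(h) }
  { found: found, missing: missing }
end

# Fetch a URL (e.g. an internal server) and audit its headers. Uses HEAD to
# avoid pulling the body; returns the audit result hash.
def audit_url(url)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.open_timeout = 5
  http.read_timeout = 5
  response = http.request(Net::HTTP::Head.new(uri.request_uri))
  audit_headers(response.to_hash)
end

# Constructed sample response headers, standing in for an internal server
# that sets only two of the five headers.
SAMPLE_HEADERS = {
  'Content-Type' => 'text/html',
  'X-Frame-Options' => 'DENY',
  'X-Content-Type-Options' => 'nosniff'
}.freeze

if __FILE__ == $PROGRAM_NAME
  target = ARGV[0]
  result = target ? audit_url(target) : audit_headers(SAMPLE_HEADERS)
  puts "present: #{result[:found].join(', ')}"
  puts "missing: #{result[:missing].join(', ')}"
end
```

Run it with an internal URL as the first argument to audit a live server; with no argument it audits the constructed sample headers.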