Paco Hope

http://twitter.com/pacohope

Software Security Consultant


Areas of Expertise:
  • Web Security
  • Software Testing
  • Online Gambling
  • Security Testing
  • Security Training
  • consulting
  • speaking
  • training

Biography

Paco Hope is a Technical Manager with Cigital. His areas of expertise are software security, security testing, and casino gaming. He specializes in analyzing the security of software, software systems, and software development processes. Paco frequently speaks at conferences such as the Better Software Conference, STAR East, and STAR West. He conducts training on risk-based security testing, writing security requirements, and software security fundamentals. He can be reached at paco@cigital.com.

Books

Web Security Testing Cookbook
by Paco Hope, Ben Walther
October 2008
Print: $39.99
Ebook: $31.99
Bundle: $51.99

Mastering FreeBSD and OpenBSD Security
by Yanek Korff, Paco Hope, Bruce Potter
March 2005
Print: $49.95

Blog

Paco's blog posts are hosted at:
http://paco.to/

America rewards poor decisions

June 30 2009

If you are an American who makes poor decisions, fear not. Our government rewards you. In big ways and small, what was once the honorable virtue of forgiveness has been twisted into a pattern of taking the sting out of making bad decisions. This just fosters bad decision making and… read more

Stuff my iPhone Still Doesn’t Do

June 29 2009

I got an iPhone 3GS recently. That, plus iPhone software 3.0, gives me a lot of new features. I’m still surprised at the things that Nokia had years ago, but Apple still hasn’t adopted. I had a Nokia phone for several years before I got my first iPhone. Now, don’t get… read more

He ain’t heavy, he’s my mower

June 28 2009

If you check out Neuton Mowers, they’re these battery-powered lawn mowers. I get the whole non-polluting, lower noise thing. But their comparison chart leaves something to be desired on the honesty scale. Take a look at the graphic from their front page: Two things strike me as a bit odd. I currently… read more

50 Ways to Inject Your SQL

June 15 2009

I did a Parody of Paul Simon’s “50 Ways to Leave Your Lover.” It’s very geeky, though. It’s “50 Ways to Inject Your SQL.” Yes, that’s me singing. I got the idea after explaining some really crappy code to my wife and how it did a ridiculous job protecting against SQL… read more

The suckage that is Dell Tech Support

May 28 2009

As you may know, I bought a Dell Mini 9 to hackint0sh it. I got it running Mac OS X with only a little difficulty (mainly around trying to shoehorn OS X onto a tiny SSD). Then the Wi-Fi card went out. Now, I’m stuck in Tech Support Hell. The TimeLine Thursday… read more

Star Trek boldly went where no one had gone before: good

May 14 2009

There are a gazillion reviews for the latest Star Trek movie out there. Here’s mine. The actors are A+. Unlike George Lucas, who only directs in clichés and can’t direct humans to save his life, JJ Abrams knows how to elicit amazing performances from a cast of great actors. None of… read more

Entourage Rule to Filter Russian Spam

May 08 2009

I’m starting to get a lot of Russian spam now. The good news is that I don’t understand it, so I can’t possibly fall for it. The bad news is that my junk email filters and even Postini are not catching it. I created a rule in Entourage that handles… read more

See and Look

May 07 2009

In English, “see” and “look” have very similar meanings, while “oversee” and “overlook” have almost opposite meanings. I find this amusing. It’s even more amusing when it shows up on a resume like the one I saw today: I overlooked a team of five doing blah, blah, blah… So, did this person… read more

Poker Copilot: The only poker helper for Mac users?

May 01 2009

I’ve done a bunch of work in online poker lately (for Cigital), and so it’s important for me to improve my game to where I’m not just one of the fish. I was keen to try some of the software that’s out there, but I’m a Mac user. I’m not… read more

Book Review:

April 24 2009

I recently read Ari Takanen’s Fuzzing for Software Security Testing and Quality Assurance. This is a valuable book on fuzz testing, and timely. Good Things He really puts fuzzing in context. Fuzz testing has been around for a long time, and this book gives you the full historical perspective, as well… read more

Why is Facebook worse than TV?

April 24 2009

I was just reading “Five Clues That You Are Addicted to Facebook” on cnn.com and it occurred to me that Facebook should really be considered in the same light as television. The 5 warning signs are: You lose sleep over Facebook You spend more than an hour a day on Facebook You become… read more

Hackint0shing Dell Mini: it Works

April 24 2009

In my previous post I left off without telling you whether or not it worked. In the end, I bought a 32G SSD chip and installed it. (Installing is totally painless and trivial). After that, the Gizmodo instructions worked perfectly. Basically, I wasted a ton of time trying to shoehorn MacOS… read more

Five Reasons for Software Certifications

April 20 2009

Several people I respect (notably Gary McGraw) as well as others that I don’t really know (e.g., the author of this blog post “5 reasons why software certs suck”), have argued vehemently against certifications recently. I am a subject matter expert for the new Certified Secure Software Lifecycle Professional (CSSLP)… read more

Hackint0shing Dell Mini 9 on the cheap

April 06 2009

When I read about getting a Dell Mini 9 for $200 and hackint0shing it to run Mac OS X, I was all over it. I ran out and got one. I was a bit frustrated that it required some stuff that would put my total cost over $200. (I got… read more

Elfriede Dustin’s Test Automation book

March 13 2009

A colleague of mine has recently published a book Implementing Automated Software Testing. read more