- When we talk about Web security, we typically think about the common OWASP-type elements: (continue reading...)
- Recently, a project manager I work with asked me if I had manually validated a (continue reading...)
- I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is (continue reading...)
- I’ve had several questions from clients recently on how they can secure FTP running on their web servers. The easy and short-sighted (continue reading...)
- Like chemists, carpenters and doctors, those of us working in IT need good tools if we’re expected to do a good job. (continue reading...)
- It’s a very predictable web security flaw — in fact, it’s something I find in the majority of my web security assessments: the lack of intruder (continue reading...)
- I recently read about a marketing agency that experienced a security breach and subsequent defacement of its customers’ websites. Apparently their developers had misconfigured the (continue reading...)
- Many organizations have a formal set of information security policies covering everything from acceptable internet usage to security in software development to (continue reading...)
- Recently a client of mine sent over the results of a web vulnerability scan that one of their customers had run against their production (continue reading...)
- XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not (continue reading...)
- As I wrote about in a previous post, we’re in the era of (continue reading...)
- Looking at the bigger picture of application security it seems that no one else really hears us. Sure, product managers, marketing, legal, HR and (continue reading...)
- It’s hard to believe, but SQL injection as we know it has been around for 13 years. Yet, SQL (continue reading...)
- On Thursday morning a post appeared on the popular Full Disclosure Internet discussion group listing XSS vulnerabilities in no less than 20 high profile websites. Amongst the vulnerable are McDonalds, IEEE Explore, Harvard University, and (continue reading...)
- If you’ve heard it once you’ve probably heard it a thousand times: time to market is critical. Indeed, when it comes to software development, many business (continue reading...)
- We often hear about “disgruntled workers” wreaking havoc on computer systems and sensitive information. Interestingly we never hear about what I call “ (continue reading...)
- On the 31st of July 2011, the system administrator of Brooks-Jeffrey Marketing (BJM) was working on his newly upgraded servers. At exactly the same time a hacker was slowly sniffing his way through the same systems and (continue reading...)
- On the 12th of July 2011, Booz Allen Hamilton, the largest U.S. military defence contractor, admitted that they had just suffered a very serious security breach at the hands of hacktivist group AntiSec. Operation Anti-Security (AntiSec) is a (continue reading...)
- SQL Injection is perhaps one of the most common application layer attack techniques used today, mainly used by malicious users to steal (continue reading...)
- I’ve heard experts in time management say that one minute of planning (continue reading...)