Articles

Mobile Application Security: New Frontier in Security

January 31st, 2011

 - Hackers are an evolutionary group of people who are always looking for new and innovative ways to breach applications, steal vital customer data and wreak havoc on the Web. For years, hackers have targeted Windows (continue reading...)

We May Not Be Facing a Full-Scale Cyber War, But The Battle Rages On

January 23rd, 2011

 - Many industry and government leaders have been discussing how the U.S. is now facing a full-scale cyber war and potential repercussions – from U.S. transportation, energy and communications systems being brought to a standstill, (continue reading...)

How often should you test your web applications?

January 19th, 2011

 - Periodic and consistent security checks – that’s the recipe for effective Web security, right? We hear this “best practice” recommendation all the time. It’s true but (continue reading...)

Real Physical Security

January 18th, 2011

 - This is very interesting in so many ways… very representative of the security controls in many organizations. What’s the weakest link in your security program? Courtesy of Rogers Security Blog (continue reading...)

How to choose a web vulnerability scanner

January 4th, 2011

 - A must-read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken (continue reading...)

10 great ways to get hacked in the New Year

December 29th, 2010

 - It’s that time of year for us to get inundated with all those Top 10 lists to help us achieve this, prevent that and so on. (continue reading...)

Assessing the “Hidden” Dangers of Application Security

December 18th, 2010

 - By Greg Reber, CEO, AsTech Consulting. Although the gulf oil spill is fading from public consciousness, it is an apt metaphor for IT professionals who ignore application security at their peril. In the case of the (continue reading...)

Which scan policy should you use to find everything that matters?

December 13th, 2010

 - If only Web application security were black and white. We could simply load our scanner without thinking anything through, enter the URL, (continue reading...)

Google XSS Flaw in Website Optimizer Scripts explained

December 9th, 2010

 - This week thousands of system administrators who make use of Google products will open their inbox to see an email from Google explaining that (continue reading...)

DOM based Cross-site Scripting vulnerabilities

December 6th, 2010

 - While a traditional cross-site scripting vulnerability occurs in the server-side code, document object model based cross-site scripting is a type of vulnerability which affects the script code in the client’s browser. DOM or the document object (continue reading...)

Statistics from a phisher’s list

November 30th, 2010

 - Yesterday night I was following some security related forums and some person posted a phishing kit for a popular bank from Romania. A phishing (continue reading...)

Facebook’s Big Security Problem Could Be Its Downfall

November 29th, 2010

 - By Greg Reber, CEO, AsTech Consulting. Facebook application developers were recently suspended after being caught selling user information to data brokers. While it is no secret that Facebook makes its profits off of (continue reading...)

HTTP Post Denial Of Service: more dangerous than initially thought

November 22nd, 2010

 - Wong Onn Chee and Tom Brennan from OWASP recently published a paper* presenting a new denial of service attack against web servers. What’s special about this (continue reading...)

Notable changes in PCI DSS 2.0 affecting Web application security

November 18th, 2010

 - “Clarification, additional guidance, and evolving requirements” – welcome to the new PCI standards! Hot off the press are the new PCI DSS and PA-DSS requirements which (continue reading...)

Application Security; Don’t get caught off guard with dangerous assumptions

November 9th, 2010

 - Don’t get caught off guard. We hear that statement all the time with regards to information security. Sadly, as many businesses have experienced, such talk is (continue reading...)

Preventing phishing attacks is not just a technical issue

October 26th, 2010

 - A client of mine who’s a security administrator for a business in the financial industry contacted me recently about some odd behavior he was seeing (continue reading...)

Internet Voting Trial Thwarted by Hackers

October 18th, 2010

 - The District of Columbia recently attempted to give the opportunity to a number of people who live or work overseas to be able to (continue reading...)

Four skills that will make you a better Web security professional

October 14th, 2010

 - People who are at the top of their games such as Formula One engineers, neurosurgeons, stunt pilots and so on have one thing in common: (continue reading...)

Why all the hoopla over the Twitter onMouseOver flaw?

September 27th, 2010

 - The recent publicity and ranting about Twitter’s onMouseOver flaw* got me thinking about our perception of software quality and expectations of risk. Why is there no (continue reading...)

How to check if your application is vulnerable to the ASP.NET Padding Oracle Vulnerability

September 22nd, 2010

 - Everybody’s talking about the ASP.NET Padding Oracle vulnerability released a few days ago at the ekoparty Security Conference. However, until now there wasn’t enough (continue reading...)

Copyright © 2012 The Security Blog. All rights reserved.