Blog Posts Tagged with "Web Application Security"

37d5f81e2277051bc17116221040d51c

What To Do If Your Gmail Account Has Been Hacked

July 21, 2011 Added by:Robert Siciliano

Once Kate went through this process, she regained control of her account within minutes. But the criminal had deleted every single email, leaving her with nothing. He’s probably going through those messages now, searching for any useful personal information...

Comments  (6)

Af9c34417f8e5e0d240850bb353b5d40

Is Google+ Worth the Potential Risk to Your Privacy?

July 05, 2011 Added by:Keith Mendoza

I simply find it amusing that everyone is so desperate to get into Google+ that they are willing to give their email addresses to complete strangers on twitter and the many online forums out there. Has everyone suddenly forgotten about spam?

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

How a Major Data Breach is Like Quicksand

July 01, 2011 Added by:Rafal Los

Put yourself in the shoes of a few of the major organizations that have had high-profile data breaches due to compromised applications or web sites lately... the more they struggle and fight, the worse things appear to get. Why is this? Remember that there are no castle walls...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Federating Identity by Twitter - Am I Just Too Paranoid?

June 29, 2011 Added by:Rafal Los

When I go to see my stats I get this lovely looking pop-up box asking me to provide my Twitter credentials, and telling me all about what capabilities this app will have once is has access to my profile. Maybe I'm just entirely too paranoid - but what to you think... would you allow this?

Comments  (1)

Ba829a6cb97f554ffb0272cd3d6c18a7

Google is Your Friend - If You're a Lulzer

June 29, 2011 Added by:Kevin McAleavey

There are exploit GUI's readily available for PostgreSQL, MSSQL and Oracle as well as lesser and older databases. If it's there, and they can find it, and they can talk to it, and you're not properly filtering what can get to it, your site could very well be the next breaking news story...

Comments  (5)

91648658a3e987ddb81913b06dbdc57a

LulzSec Spree Sparks DHS Response

June 28, 2011 Added by:Ron Baklarz

In the wake of the recent LulzSec 50 day hacking spree that left many high profile companies and organizations scrambling, DHS released "detailed guidance" on the top 25 vulnerabilities. The "Common Weakness Enumeration" list was developed in collaboration among DHS, Mitre, and SANS...

Comments  (1)

44fa7dab2a22dc03b6a1de4a35b7834a

Microsoft: WebGL is Too Dangerous to Support

June 28, 2011 Added by:Bill Gerneglia

If there is one thing that Microsoft knows well, it is security holes in operating systems and device drivers. They have been heavily engaged in finding complex engineering solutions to solve some of the most difficult security compromises for more than 20 years. We should all listen to this warning...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

Components of Effective Vulnerability Management

June 19, 2011 Added by:Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

SMBs Face Growing threat from Mass Meshing Attacks

June 17, 2011 Added by:Headlines

"Because they can do it at such a precise level, when they attack they don't just inject a single malicious script like in mass SQL injections. They inject a backdoor, which allows them total control of all the files on the website..."

Comments  (0)

A6f6ba95b73de19f947cf4eceecb2bed

Introducing WPScan – A WordPress Security Scanner

June 16, 2011 Added by:Ryan Dewhurst

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses in WordPress installations. Its intended use is for security professionals or WordPress administrators, and the code base is Open Source and licensed under GPLv3...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Years of Security Neglect - Solved in 24 Hours of Panic?

June 16, 2011 Added by:Rafal Los

It's been uncovered that your company is the next target of a hacktivist organization. Then panic sets in as everyone realizes the network that's been neglected for the last decade is responsible for 75% of your business revenue, and will likely be the front line of attack...

Comments  (0)

A6f6ba95b73de19f947cf4eceecb2bed

Patching WordPress Username Disclosure

June 05, 2011 Added by:Ryan Dewhurst

According to OSVDB 55713 this vulnerability was reported to WordPress by Core Security Technologies in June 2009. At the time of writing, the latest version of WordPress is 3.1.3 and is still vulnerable to this vulnerability. Here is how to patch the vulnerability yourself...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Web Application Attack and Audit Framework 1.0 Released

June 03, 2011 Added by:Headlines

"w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Web App Configuration Analyzer 2.0 Tool Released

May 20, 2011 Added by:Headlines

Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can also be used by developers to ensure that their codebase works within a secure / hardened environment...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Geek.com Spreading Malware via Invisible iFrame

May 18, 2011 Added by:Headlines

The main page of the site - including the "Homepage" and the "About Us" section - contain an invisible iframe with JavaScript downloaded from sites contaminated by a custom set of exploits. The malicious code attempts to take advantage of vulnerabilities on the end user’s machine...

Comments  (1)

44fa7dab2a22dc03b6a1de4a35b7834a

Web Application Security - Real or Imagined?

May 17, 2011 Added by:Bill Gerneglia

Once an user accesses your databases through a web application, your control over the user's actions diminishes. A malicious user can "craft" inputs into their browser that allow them to do things other than what you want them to do. Security is a real concern in such a situation...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »