Blog Posts Tagged with "Web Application Security"


Companies Spend More on Coffee Than Web App Security

February 10, 2011 Added by: Headlines

A recent report by the Ponemon Institute, Cenzic and Barracuda Networks has produced a startling statistic: eighty-eight percent of companies surveyed indicate they spend more on coffee than they do on securing Web applications...


Hacked .GOV .MIL and .EDU Sites for Sale

January 22, 2011 Added by: Headlines

"The victims' vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum – see screen shot and explanation..."


Delicious WebApp Hacking

January 12, 2011 Added by: Rob Fuller

In the last post I showed off how Archive.org's Wayback Machine can be used to pull URLs for a domain; another place where URLs are stored and can be searched by domain is Delicious.com. It may even reveal subdomains and hosts you didn't know about. This can be a very handy set of data...


Vulnerabilities Found in Many Fortune 500 Websites

January 11, 2011 Added by: Headlines

In a survey of the websites belonging to all Fortune 500 listed companies and an additional selection of 175 other businesses, researchers found that nearly fifteen percent contained serious security flaws that leave the sites open to cross-site scripting (XSS) and open redirect exploitations...


Wayback WebApp Hacking

January 06, 2011 Added by: Rob Fuller

Archive.org allows you to check the history of sites and pages, but a service most are not aware of is one that allows you to get a list of every page for a given domain. Many times you'll find parts of web apps that have been long forgotten, and usually vulnerable...


The Misconceptions of Sidejacking with Firesheep

December 12, 2010 Added by: Stefan Fouant

Recent activity around a new Firefox extension developed by a pair of researchers brings the issue of session hijacking front and center. Firesheep essentially enables an attacker to grab other people's credentials and use them to gain access to various web sites...


Securing Java Apps with Smart Cards and Single-Sign-On

December 08, 2010 Added by: Daniel Doubrovkine

The advantages of this method are clear. There aren’t any usernames or passwords exchanged and the modern versions of the security protocols are not vulnerable to brute-force or man-in-the-middle attacks. The enterprise can roll out stronger authentication without changing the applications...


Is Your VOIP Secure?

December 07, 2010 Added by: Simon Heron

VOIP has tremendous benefits for business users – which include cost savings and greater productivity – but like anything else it comes with associated security risks for the corporate network, and these risks must be identified prior to VOIP being rolled out...


W3C Buries Web SQL Database Standard

December 03, 2010 Added by: Rafal Los

Although I keep saying that things are most secure when they're simple, the new specification is orders of magnitude more complex - more documentation, moving parts, bits - than the Web SQL Database, which had security as a principle. What could possibly go wrong, right?


Small Office, Big Software and eHealth Problems

November 28, 2010 Added by: Rafal Los

So you're stuck between the proverbial rock and a hard place, right? You can't afford commercial apps which at least come with the luxury of risk transference - and you can't afford to do the right thing and see for yourself... or can you?


Alert: New OpenSSL Vulnerability

November 18, 2010 Added by: Brent Huston

A new security issue in OpenSSL should be on the radar of your security team. Stunnel and Apache are NOT affected, many other packages appear to be. The issue allows denial of service and possibly remote code execution. Patches for OpenSSL and packages that use it are starting to roll in...


Secure Coding and Application Vulnerability Scanning

November 08, 2010 Added by: PCI Guru

There is a lot of confusion regarding secure coding standards and application vulnerability scanning requirements 6.5 and 6.6. First, let us talk about the intent of these requirements. The overall intent of both of these standards is to stop insecure applications from being placed in production...


DDoS Attacks Aim to Censor Human Rights Groups

November 02, 2010 Added by: Anthony M. Freed

A rash of DDoS attacks were levied against the websites of at least six human rights organizations in an attempt at cyber censorship for the airing of controversial video footage that allegedly shows human rights abuses on the part of the Indonesian government against several Papuan civilians...


Social Networking and Mobile Security

October 06, 2010 Added by: Mark Gardner

The Twitter Worm, Facebook service failure, and then just recently Foursquare was down; in a short space of time each of the major social networks have suffered either attack or at least publicized technical difficulties. As I have said, this to me is too much of a coincidence...


Real Time Social Media Monitoring and Correlation

September 29, 2010 Added by: Heather Howland

The Internet has revolutionized how individuals and corporations interface with each other, and now social networks are revolutionizing how we interface with the Internet. Unfortunately, these innovations have come at a tremendous cost to enterprise security efforts...


Am I an Admin? Railgun Script Review

September 25, 2010 Added by: Rob Fuller

Being that Shell32.dll isn’t included in Railgun by default we have to add it. After writing it I decided to add some checks. These checks make sure that each piece of the script isn’t already loaded. It’s a good reference for doing this in the future...
