We appreciate Kevin Beaver’s recent blog post about NTOSpider’s unique ability to authenticate on some of the trickiest applications and stay properly logged-in throughout the scan. At NTO we take pride […]
We are now in the middle of week 4, but I want to catch everyone up on whats been happening. First of all, I am […]
SQL injection vulnerabilities have threatened application security for years. So why are they still quite common, despite the fact that we, as an industry, should […]
Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it […]
The podcasting returns! This is the first new episode of InfoSec Place and in a few days will be the return of my web security […]
Podcast: Play in new window | Download (Duration: 57:24 — 81.8MB)
Subscribe: Apple Podcasts | RSS
This November I will be presenting at AppSec USA, Revenge of the Geeks: Hacking Fantasy Football. So this year, I am starting a hackers only fantasy football league. Come join us to have fun and maybe make a little money!
The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was recently updated. The 2013 Top 10 Listfeatures some incremental but noteworthy changes that point to the project’s maturity.
Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is […]
Last week, hackers gained access to Twitter’s internal systems and stole information, compromising 250,000 accounts. In a blog post, on Friday, Twitter announced that they […]
An Indian researcher, Prakhar Prasad found a Blind SQL Injection vulnerability in the Paypal Notifications (https://www.paypal-notify.com) application as part of a bug bounty program. The bug enabled him to […]
On the morning of the Twitter attack, I received this email: On one hand, I appreciate that Twitter was up front with their users, but […]
Most people are starting to realize that they need to start using more complex passwords, but generally believe: complex password = hard to remember This […]
All aboard the Pineapple Express, its a speeding bullet to the mobile backend! I’m looking forward to speaking at the upcoming B-Sides San Francisco. Most of […]
Anonymous Hackers hacked and defaced United States Sentencing Commission under the operation called “#opLastResort”. And also threatened the US government to release sensitive information. Hacked […]
Google Morocco was the latest victim of a Domain Name System or DNS attack. A notorious Pakistani leet hacker group named, “PAKbugs”, hijacked Google Morocco’s […]
Much has been written this week on the sad story of Aaron Swartz and the Anonymous hack executed in his name. This story has affected […]
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The […]
Please join us for this upcoming webcast, SANS Survey on Application Security Policies in Enterprises, on December 13 at 1 PM EDT where SANS will […]
Detecting Successful XSS Testing with JS Overrides with ModSecurity The following link demonstrate a proof of concept that uses ModSecurity to add defensive Javascript to […]
This is a bit out of character for the purpose of this site, but as a Minecraft fan/addict I have enjoyed the various parody songs that […]
Podcast: Play in new window | Download (0.0KB)
Subscribe: Apple Podcasts | RSS
PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment PCI Security Standards Council released guidelines for DSS risk assessment. There are three […]
Not a Great Week for Password Protection Earlier in the week, we saw Twitter forcing users to change their password due to some password loss. […]
Couple of Major hacks this week – NBC and Coca Cola A number of NBC sites were hacked this week. There is no official news […]
We’re a bit late this week on our Surviving the Week post, because we’ve been busy with our recent product launch of NTOSpider 6. During […]
Redirect flaw on .gov sites leaves open door for phishers At least 20,000 users have fallen victim to a spam campaign that uses shortened links […]
Copyright © 2024 | WordPress Theme by MH Themes