Surviving the Week 11/9/12, NBC and Coca Cola hacked this week
Couple of Major hacks this week – NBC and Coca Cola A number of NBC sites were hacked this week. There is no official news on what attacks have been used. Test your application with…
We’re a bit late this week on our Surviving the Week post, because we’ve been busy with our recent product launch of NTOSpider 6. During the month of October, I spoke at HouSecCon, ToorCon and OWASP AppSec…
Redirect flaw on .gov sites leaves open door for phishers At least 20,000 users have fallen victim to a spam campaign that uses shortened links to legitimate government sites to carry out a hoax. In…
Security Flaw Found in Steam Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system Steam. When your browser accesses a URL that begins with…
The Cloud is a Scary Place Security lapses in XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such as Paypal, Facebook, Mozilla, Google, and Twitter. But with bug…
Enterprises Struggle With Business Logic Attacks, Survey Finds A new survey emphasizes how business logic attacks can slip under the radar of development teams and cost enterprises time and money. More than 600 IT professionals…
Passwords of 100k IEEE members lie bare on FTP server IEEE uses Akamai for content delivery. An FTP directory server was discovered which contained log files of usernames, passwords, IP addresses and HTTP request information. …
2012 HouSecCon, 10/11/2012 (in Houston) HouSecCon is coming up – October 11th in Houston. The agenda is shaping up with a bunch of hot topics and well-known speakers. I’ll (Dan Kuykendall) be speaking on mobile…
Surviving SQL Injection (link to free SQL Injection tool) SQL Injection continues to be in the news each week. Despite the fact that it is the most well understood vulnerability, it remains the most popular attack technique…
A Number of Exploits Including SQL Injection, XSS, and Authentication Bypass This week, researchers found some remarkable vulnerabilities including Remote code execution, SQL Injection, and Cross-Site Scripting within bug tracking systems as well as in…