XSS & CSRF with HTML5 – Attack, Exploit, and Defense (OWASP AppSecUSA Presentation Review)
This very useful talk was as much an education in HTML5 for me as it was an education on how HTML5 can be abused. I […]
First off, in the spirit of full disclosure, two points: One is that this talk took place at the same time as the Shreeraj Shah […]
SQL Server Exploitation, Escalation, and Pilfering The general thesis of this talk I attended by Scott Sutherland and Antti Rantasaari from @NetSpi is that SQL Server is mostly […]
This talk, by Ofer Maor, CTO – Quotium (Follow on Twitter, @quotium) at 2012 AppSecUSA, addressed something that I see is an up and coming issue, interactive in-memory code […]
Continuing my series of write-ups on the talks I attended at AppSecUSA this year. Sherif Koussa (@Skoussa) who is a Principal Application Security Consultant at Software Secured presented this talk […]
This is a continuation of my series on the talks I attended at OWASP AppSecUSA in October of this year. Presenters: Alejandro Caceres, Computer Network Operations Engineer […]
Please join us for this upcoming webcast, SANS Survey on Application Security Policies in Enterprises, on December 13 at 1 PM EDT where SANS will […]
Detecting Successful XSS Testing with JS Overrides with ModSecurity The following link demonstrates a proof of concept that uses ModSecurity to add defensive JavaScript to […]
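The mechanism behind that proof of concept is worth seeing in code. Below is an added example, written for this review and not the ModSecurity PoC from the linked post: the client-side script a WAF would inject into HTML responses, wrapping the dialog functions that XSS testers almost always call (alert, confirm, prompt) so that a payload which actually executes reports itself. The reporting endpoint name "/xss-report", the fake window object and the sample page URL are assumptions constructed for the example so that it runs under Node without a browser.

```javascript
// Added example, not the ModSecurity proof of concept from the linked post.
// Idea: the WAF injects this script at the top of every HTML response; it wraps the
// functions XSS testers almost always call (alert/confirm/prompt) so that a payload
// which actually executes reports itself instead of silently popping a dialog.
// The endpoint "/xss-report" is a hypothetical name chosen for this example.

// Wrap the probe functions on a window-like object. `report` receives one event
// per call. Returns a function that restores the originals.
function installXssProbeOverrides(win, report) {
  const probes = ['alert', 'confirm', 'prompt'];
  const originals = {};
  for (const name of probes) {
    originals[name] = win[name];
    win[name] = function hooked(...args) {
      report({
        hook: name,
        // XSS payloads typically pass a marker (alert(1), alert(document.domain)).
        arg: args.length ? String(args[0]) : '',
        page: win.location ? String(win.location.href) : '',
        at: new Date().toISOString(),
      });
      // Swallow the dialog and hand back the value the page would expect.
      if (name === 'confirm') return false;
      if (name === 'prompt') return null;
      return undefined;
    };
  }
  return function restore() {
    for (const name of probes) win[name] = originals[name];
  };
}

// Reporter for a real browser: sendBeacon survives page unload, which matters because
// a payload may navigate away immediately after the alert.
function makeBrowserReporter(endpoint, nav) {
  return function report(event) {
    const body = JSON.stringify(event);
    if (nav && typeof nav.sendBeacon === 'function') {
      return nav.sendBeacon(endpoint, body);
    }
    // Fallback: a GET with the event in the query string.
    new Image().src = endpoint + '?e=' + encodeURIComponent(body);
    return true;
  };
}

// In-memory reporter so the example runs under Node without a browser.
function makeCollector() {
  const events = [];
  return { report: (e) => events.push(e), events };
}

// Constructed stand-in for `window`, with the three native dialogs and a location.
function makeFakeWindow() {
  return {
    alert() { throw new Error('native alert should never run'); },
    confirm() { return true; },
    prompt() { return 'typed'; },
    location: { href: 'https://shop.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E' },
  };
}

// Simulate an injected payload firing on a page that has the overrides installed.
function demo() {
  const win = makeFakeWindow();
  const collector = makeCollector();
  const restore = installXssProbeOverrides(win, collector.report);
  win.alert(1);                         // classic probe
  win.prompt('document.cookie');        // another common marker
  restore();
  const afterRestore = win.prompt('x'); // original behaviour is back
  return { events: collector.events, afterRestore };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo().events, null, 2));
}
```

In a browser the call is installXssProbeOverrides(window, makeBrowserReporter('/xss-report', navigator)); the server side that injects the script into responses (ModSecurity's content-injection feature) is not shown here. Two caveats a practitioner should keep in mind: the script must be the first thing in the document, because a payload that runs before it is not caught, and a tester who knows the trick can restore the natives from a fresh iframe, so this is a detection aid for monitoring, not a control.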
This is a bit out of character for the purpose of this site, but as a Minecraft fan/addict I have enjoyed the various parody songs that […]
Payback on Web Attackers: Web Honeypots As a web application scanning tool developer and architect at NT OBJECTives, I’m always thinking about how websites are […]
PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment PCI Security Standards Council released guidelines for DSS risk assessment. There are three […]
At AppSecUSA, I attended an illuminating talk by Phil Purviance, who is an Application Security Consultant at AppSec Consulting, Inc. The talk was called, Blended Threats & JavaScript: A Plan […]
At OWASP AppSecUSA this year, I attended Douglas Crockford’s talk on Securing JavaScript. Doug is a JavaScript developer and also discovered JSON. I was looking […]
Not a Great Week for Password Protection Earlier in the week, we saw Twitter forcing users to change their password due to some password loss. […]
Couple of Major hacks this week – NBC and Coca Cola A number of NBC sites were hacked this week. There is no official news […]
We’re a bit late this week on our Surviving the Week post because we’ve been busy with our recent product launch of NTOSpider 6. During […]
Redirect flaw on .gov sites leaves open door for phishers At least 20,000 users have fallen victim to a spam campaign that uses shortened links […]
Security Flaw Found in Steam Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system […]
The Cloud is a Scary Place Security lapses in XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such […]
Enterprises Struggle With Business Logic Attacks, Survey Finds A new survey emphasizes how business logic attacks can slip under the radar of development teams and […]
Passwords of 100k IEEE members lie bare on FTP server IEEE uses Akamai for content delivery. An FTP directory was discovered which contained log […]
2012 HouSecCon, 10/11/2012 (in Houston) HouSecCon is coming up – October 11th in Houston. The agenda is shaping up with a bunch of hot topics […]
Surviving SQL Injection (link to free SQL Injection tool) SQL Injection continues to be in the news each week. Despite the fact that it is the most […]
A Number of Exploits Including SQL Injection, XSS, and Authentication Bypass This week, researchers found some remarkable vulnerabilities including Remote code execution, SQL Injection, and […]
XSS: Gaining Access to HttpOnly Cookie Using the method getHeaderField in the Java HTTP API, any applet can access cookies with the HttpOnly flag set. […]
Copyright © 2024 | WordPress Theme by MH Themes