In this 6-part series on SQLi (SQL Injection) we describe the vulnerability and its variants, showing how it works and what an attacker can do with it. SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL…
South African cyber crimes bill released, includes 25 year sentencing
South Africa is the latest country taking measures to tighten up on cyber crime. The draft of its Cybercrimes and Cyber Security bill includes explicit penalties for cyber crimes, ranging from fines to a maximum of 25 years in prison. The draft includes…
In the headlines: South Korea’s cyber attacks, DHS networks, Adobe Shockwave Player and more
South Korea has had over 110,000 cyber attacks in the last 5 years: A recently released report has revealed that South Korean government agencies were subject to over 114,000 cyber attacks in the last five years. The report, compiled using data from the National Computing…
XSS in Google Feedburner
A fundamental aspect of web applications that developers should bear in mind is securing the input inserted by the user. Often, due to lack of attention or understanding, programmers skip the review of the code, resulting in security breaches, which through exploiting represent…
In the headlines: FireEye and Kaspersky vulnerabilities, Windows 10 ‘Keylogger’ and more
Windows 10 ‘Keylogger’ and how to switch it off: When the first Windows 10 preview was released, there were reports of it containing a keylogger. It now appears that this feature did indeed make it into the released version, via the Windows helper Cortana. As…
Cross-site Scripting and its variants explained
Cross-site Scripting (XSS) has been making the Top 5 list of exploitable vulnerabilities since it was first discovered way back in the 1990s. The term XSS refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or…
What preventive steps can SMEs take to reduce the chance of cyber attack?
Every week the headlines carry news of high-profile cyber attacks; in fact, every day cyber criminals compromise thousands of websites – often without the site owner knowing. A recent study of 15,000 websites found nearly half contained a ‘high-severity’ vulnerability waiting to be exploited…
Netflix Sleepy Puppy – Nothing new
Netflix has released an open source tool that their engineering team have developed in-house that can find second-order XSS vulnerabilities in web applications. The tool is called Sleepy Puppy, and while it’s a good initiative from Netflix, the auto-detection of ‘Delayed XSS’ is nothing new….
Password hashing and the Ashley Madison hack
The mainstream media is in a frenzy about the Ashley Madison hack, and with good reason. Aside from the shady social and moral motives that most people are criticising Avid Life Media (the site’s owners) about, the breach is a notable one in terms of…