Validation
Validation is the process in which data is checked against specific criteria or a specification. It is used to check whether the information given by a user is in the expected, correct format before it is processed. Validation is very important, as if used correctly, it allows…
Changes to Network Architectures & The Security Tools required, Part 2
Part one in this two-part series looked at the evolution of a network architecture and how it affects security. Here we will take a deeper look at the security tools needed to deal with these changes. The Firewall is not enough: Firewalls in three-tier…
Domain Fronting: Poking a hole in the Whitelist for Bypassing Firewalls
Domain Fronting is a widely popular technique that is used for evading firewalls, DPIs and censors. Domain Fronting takes advantage of legitimate, high-reputation cloud providers, more specifically Content Delivery Networks (CDNs), for evasion. This technique has been commonly used in the wild to circumvent…
PHP Security Part 3: XSS and Password Storage
When developing a web application, it is extremely important to have security in mind and be aware of the different risks. If one does not know the risks and the mechanics behind each vulnerability, there is no way to protect against it. In Parts 1…
Evolution of the Network Architecture & How It has Affected Security, Part 1
The History of Network Architecture: The goal of any network and its underlying infrastructure is simple. It is to securely transport the end user’s traffic to support an application of some kind without any packet drops, which may trigger application performance problems. Here a key…
PHP Security Part 2: Directory Traversal & Code Injection
Most web vulnerabilities are a result of bad coding habits or a lack of PHP security awareness by developers. The source of probably all of them lies in the fact that user input, which plays a critical role in the security of a web application, is…
PHP Security: The Big Picture
Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. No matter what programming language you use…
What is Insecure Deserialization?
Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top…
Online Security: Application Security Testing – Part 2
Part 1 in this series looked at Online Security and the flawed protocols it rests upon. Online Security is complex, and its underlying fabric was built without security in mind. Here we shall be exploring aspects of Application Security Testing. We live in a world…