When developing a web application, it is extremely important to have security in mind and be aware of the different risks. If one does not know the risks and the mechanics behind each vulnerability, there is no way to protect against it. In Parts 1…
Evolution of the Network Architecture & How It has Affected Security, Part 1
The History of Network Architecture The goal of any network and its underlying infrastructure is simple. It is to securely transport the end user’s traffic to support an application of some kind without any packet drops which may trigger application performance problems. Here a key…
PHP Security Part 2: Directory Traversal & Code Injection
Most web vulnerabilities are a result of bad coding habits or lack of PHP security awareness by developers. The source of probably all of them relies in the fact that user input, which plays a critical role in the security of a web application, is…
PHP Security: The Big Picture
Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. No matter what programming language you use…
What is Insecure Deserialization?
Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top…
Online Security: Application Security Testing – Part 2
Part 1 in this series looked at Online Security and the flawed protocols it lays upon. Online Security is complex and its underlying fabric was built without security in mind. Here we shall be exploring aspects of Application Security Testing. We live in a world…
OWASP Top 10 2017 Update – What You Need to Know
After the long-winding road of discussion and deliberation, revision, disagreements and adjustments, the Open Web Application Security Project (OWASP) are updating their venerable Top 10 list of the most critical web application security risks since 2013. This update brings with it three new entries to…
Online Security: The Underlying Infrastructure – Part 1
Technology Revolutionized A plethora of valuable solutions now run on web-based applications. One could argue that web applications are the forefront of the world. More importantly, we must equip them with appropriate online security tools to barricade against the rising web vulnerabilities. With the right…
Cross-site Flashing (XSF) WordPress Vulnerability, Unpatched and Exploitable
WordPress, the content management system powering north of 28% of websites on the Internet, is certainly no stranger to providing timely security patches to its hundreds of millions of users when security researchers report them. This time however, things took a slightly different turn —…