Network devices, except maybe firewalls, are not usually perceived as security-sensitive assets. Manufacturers and users alike invest little time in assessing the security state of routers and switches. IT admins running business IT infrastructures are mainly concerned with uptime when it comes to network…
What You Don’t Know About Web Security CAN Hurt You
How secure is your web environment? You know, your business’ marketing website, your customer-facing web applications, your internal financials application, the various cloud services that process and store business assets, and so on. Many business executives don’t have the slightest idea about the security of…
The Results are in – Verizon 2014 Data Breach Investigations Report
The numbers are in… and cybercrime had quite an active 2013 according to Verizon’s 2014 Data Breach Investigations Report (DBIR) – one of the information security industry’s most prominent studies compiled from over 50 contributing organizations. This year’s report includes an array of security issues,…
Key Web Application Security Metrics
How’s your web application security program measuring up today? If you’re like many people, you’re simply going through the motions of periodic vulnerability scans and problem resolution. It’s a vicious cycle that may or may not be delivering the results you’re looking for. Given all…
Danger: Open Ports – Trojan is as Trojan does
Open ports are the doorways through your perimeter. Behind every open port there is an application or service listening for inbound packets, waiting for connections from the outside in order to do its job. Security best practice calls for a firewall system that controls…
Ways to Keep your Developers Interested in Web Security
Working in IT over the past couple of decades I’ve witnessed the good, the bad, and the downright ridiculous when it comes to the way software developers are treated by management. Seeing what I’ve seen, and having been in those shoes, I’m convinced that the…
The Aftermath of the Heartbleed Bug
The Heartbleed bug, a memory-disclosure flaw in the TLS heartbeat extension of the widely used OpenSSL library, has taken the web security world by storm, and the victim toll has started to rise. The first reported victims include the Canada Revenue Agency (with 900 social insurance numbers…
Elaborate Ways to Exploit XSS: XSS Proxies
In his book “Web Application Vulnerabilities: Detect, Exploit, Prevent”, Steve Palmer describes XSS Proxies as cross-site scripting exploitation tools that allow attackers to temporarily take control over the victim’s browser. XSS Proxy functions as a web server which takes commands from the attacker via a…
CSRF and XSS – Brothers in Arms
What is CSRF (XSRF)? Cross-Site Request Forgery is a type of web attack that exploits the trust a website places in the user’s browser. In essence, the attacker manipulates the victim’s browser into sending requests in the user’s name to websites that have been visited…