Vulnerabilities

7ddc1f3000a13e4dfec28074e9e7b658

What Makes a Good Security Audit?

November 10, 2014 Added by:Electronic Frontier Foundation

In order to have confidence in any software that has security implications, we need to know that it is has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.

Comments  (0)

D36d0936f0c839be7bf2b20d59eaa76d

Can Hackers Get Past Your Password?

November 05, 2014 Added by:Steve Durbin

Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.

Comments  (2)

F45df53d99605d46f5ae32b7bed9fe22

The True Cost of a Data Breach

October 20, 2014 Added by:Thu Pham

iThemes, a WordPress (WP) security provider, was recently breached and approximately 60,000 clients in their membership database had a slew of information stolen, including usernames, passwords, IP addresses and more. But, what is of particular concern is the fact that the company was storing their members’ passwords in plain text, which they admitted was in error in a 

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

How to Build Up Your Secure Development

October 13, 2014 Added by:Tripwire Inc

At some point, your company is going to get the security wake-up call. Whether it’s a breach or an inquiry from an important customer that triggers it, your executives are going to call you one morning, demanding you focus on security in the development of your product.

Comments  (0)

96d1382d50a8e569d7ad3d9ee104a1f7

IT Security’s Russian Roulette -- Legacy Java Vulnerabilities

October 09, 2014 Added by:Prateep Bandharangshi

The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Data Privacy Smoke and Mirrors

October 01, 2014 Added by:Dan Dieterle

As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…

Comments  (0)

Ffc4103a877b409fd8d6da8f854f617e

What We Know About Shellshock and Why the Bash Bug Matters

September 26, 2014 Added by:InfosecIsland News

Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

A Fresh Approach to Building an Application Security Program

September 18, 2014 Added by:Rohit Sethi


All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

CERT Pudding and the War on Bad SSL

September 10, 2014 Added by:Tripwire Inc

SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.

Comments  (1)

306708aaf995cf6a77d3083885b60907

Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems

August 19, 2014 Added by:Mike Lennon

TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.

Comments  (0)

C940e50f90b9e73f42045c05d49c6e17

More Dot-Gov Sites Found Compromised

August 19, 2014 Added by:Malwarebytes

With the number of .gov sites we have seen that are insecure, it pays for users to be careful of potential risks they may encounter when visiting them.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Is EMET Dead?

August 18, 2014 Added by:Tripwire Inc

Exploit mitigation techniques have come a long way.

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

White House Website Includes Unique Non-Cookie Tracker, Conflicts With Privacy Policy

July 23, 2014 Added by:Electronic Frontier Foundation

According to the researchers, over 5,000 sites include the canvas fingerprinting, with the vast majority from AddThis.

Comments  (2)

306708aaf995cf6a77d3083885b60907

DHS Mistakenly Releases 840-pages of Critical Infrastructure Documents

July 09, 2014 Added by:Mike Lennon

The U.S. Department of Homeland Security (DHS) has released hundreds of documents, some of which contain sensitive information and potentially vulnerable critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request about a cyber-security attack.

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Choosing the Right Entry Point for a Software Security Program

June 30, 2014 Added by:Rafal Los

The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Quick and Easy Website Vulnerability Scans with OWASP-ZAP

June 05, 2014 Added by:Dan Dieterle

OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »