Blog Posts Tagged with "Web Application Security"


Companies Spend More on Coffee Than Web App Security

February 10, 2011 Added by:Headlines

A recent report by the Ponemon Institute, Cenzic and Barracuda Networks has produced a startling statistic: eighty-eight percent of companies surveyed indicate they spend more on coffee than they do on securing Web applications...

Comments  (1)


Hacked .GOV .MIL and .EDU Sites for Sale

January 22, 2011 Added by:Headlines

"The victims' vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum – see screen shot and explanation..."

Comments  (0)


Delicious WebApp Hacking

January 12, 2011 Added by:Rob Fuller

In the last post I showed off how the Wayback Machine can be used to pull URLs for a domain. Another place where URLs are stored and can be searched by domain is Delicious. It may even reveal subdomains and hosts you didn't know about. This can be a very handy set of data...

Comments  (1)


Vulnerabilities Found in Many Fortune 500 Websites

January 11, 2011 Added by:Headlines

In a survey of the websites belonging to all Fortune 500 listed companies and an additional selection of 175 other businesses, researchers found that nearly fifteen percent contained serious security flaws that leave the sites open to cross-site scripting (XSS) and open redirect exploitations...

Comments  (0)
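The open-redirect class counted in that survey is usually a "next" or "return URL" parameter copied straight into a Location header. As an added example (not code from the article or the survey), here is a validator that keeps a user-supplied redirect target on the application's own hosts. The host allowlist, the https-only policy and the test URLs are assumptions for illustration.

```python
"""Validate a user-supplied redirect target against an allowlist of hosts.

Added example, not from the article. ALLOWED_HOSTS and the https-only
policy are assumed; adjust them to the application being protected.
"""
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"www.example.com", "example.com"}  # assumed application hosts
ALLOWED_SCHEMES = {"https"}
FALLBACK = "/"


def safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return target if it stays on an allowed host, otherwise FALLBACK.

    Handles the usual bypasses: scheme-relative '//evil.com', backslashes
    that browsers normalize to slashes, 'https:evil.com' without slashes,
    userinfo tricks ('https://www.example.com@evil.com'), lookalike
    suffixes, non-https schemes and CRLF header injection.
    """
    if not target or not isinstance(target, str):
        return FALLBACK
    # Browsers treat '\' as '/' in the authority; normalize before parsing.
    normalized = target.replace("\\", "/")
    # Control characters can split the Location header or confuse the parser.
    if any(ord(c) < 0x20 or c == "\x7f" for c in normalized):
        return FALLBACK
    parts = urlsplit(normalized)
    if not parts.scheme and not parts.netloc:
        # Same-origin relative path: must begin with exactly one slash.
        if normalized.startswith("/") and not normalized.startswith("//"):
            return normalized
        return FALLBACK
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        return FALLBACK
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    # parts.hostname drops userinfo and the port and lowercases the host, so
    # 'https://www.example.com@evil.com' yields 'evil.com' here.
    if parts.hostname not in allowed_hosts:
        return FALLBACK
    # Rebuild without userinfo or fragment so nothing pasted by the user round-trips.
    netloc = parts.hostname + (":%d" % port if port else "")
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    for candidate in ["/account/settings", "//evil.com/", "https:evil.com",
                      "https://www.example.com@evil.com/", "https://www.example.com/dash?x=1#frag"]:
        print("%-45s -> %s" % (candidate, safe_redirect(candidate)))
```

Rejecting rather than "fixing" a bad target matters: a validator that strips the offending characters and retries tends to be bypassed by the next encoding trick, whereas falling back to "/" fails closed.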


Wayback WebApp Hacking

January 06, 2011 Added by:Rob Fuller

The Wayback Machine allows you to check the history of sites and pages, but a service most are not aware of is one that allows you to get a list of every page for a given domain. Many times you'll find parts of web apps that have been long forgotten, and usually vulnerable...

Comments  (0)
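Both of Rob Fuller's posts above (the Wayback one and the Delicious one) come down to the same reconnaissance step: pull every URL a third party has recorded for a domain, then mine it for forgotten hosts, paths and parameters. The following added example (not code from either post) does that against the Wayback Machine's present-day CDX index at web.archive.org/cdx/search/cdx, which is an assumption about the current API rather than the interface the 2011 post used; the CDX response it parses is a constructed sample so it runs offline.

```python
"""Harvest historical URLs for a domain from the Wayback Machine CDX index.

Added example, not from the original posts. Assumes the current Wayback
CDX API (url/matchType/output/fl/collapse/filter parameters); SAMPLE_CDX
is a hand-constructed response in that shape, not real archive data.
"""
import json
from urllib.parse import urlencode, urlsplit, parse_qs

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"


def cdx_query_url(domain, limit=5000):
    """Build the query: every archived URL on the domain and its subdomains,
    one row per unique URL (collapse=urlkey), successful responses only."""
    params = {
        "url": domain,
        "matchType": "domain",
        "output": "json",
        "fl": "original",
        "collapse": "urlkey",
        "filter": "statuscode:200",
        "limit": str(limit),
    }
    return CDX_ENDPOINT + "?" + urlencode(params)


def parse_cdx_json(payload):
    """CDX JSON output is a list of rows; the first row names the fields."""
    rows = json.loads(payload)
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    idx = header.index("original")
    return [row[idx] for row in body]


def summarize(urls):
    """Group what a tester cares about: hosts, paths and query parameter names,
    with the paths on which each parameter was seen."""
    hosts, paths, params = set(), set(), {}
    for u in urls:
        parts = urlsplit(u)
        host = parts.hostname or ""
        hosts.add(host)
        paths.add((host, parts.path))
        for name in parse_qs(parts.query, keep_blank_values=True):
            params.setdefault(name, set()).add(parts.path)
    return {
        "hosts": sorted(hosts),
        "paths": sorted(paths),
        "params": {k: sorted(v) for k, v in params.items()},
    }


# Constructed sample in the shape the CDX server returns; not real archive data.
SAMPLE_CDX = json.dumps([
    ["original"],
    ["http://example.com/"],
    ["http://example.com/login.php?user=&pass="],
    ["http://old-admin.example.com/admin/index.asp?id=1"],
    ["http://example.com/cgi-bin/search.cgi?q=test"],
    ["https://example.com/login.php?user=bob&pass="],
])

if __name__ == "__main__":
    print(cdx_query_url("example.com"))  # fetch this with any HTTP client
    report = summarize(parse_cdx_json(SAMPLE_CDX))
    for host in report["hosts"]:
        print("host:", host)
    for host, path in report["paths"]:
        print("path:", host, path)
    for name, where in report["params"].items():
        print("param:", name, "seen on", ", ".join(where))
```

The parameter inventory is the part worth keeping: a long-forgotten `id` on an `.asp` page, or credentials passed in a query string, is exactly the "long forgotten, and usually vulnerable" surface the post describes, and the archive tells you it existed without touching the target.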


The Misconceptions of Sidejacking with Firesheep

December 12, 2010 Added by:Stefan Fouant

Recent activity around a new Firefox extension developed by a pair of researchers brings the issue of session hijacking front and center. Firesheep essentially enables an attacker to grab other people's credentials and use them to gain access to various web sites...

Comments  (0)
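Firesheep works because a session cookie sent over plain HTTP is readable by anyone on the same network segment; the fix is on the server, which must mark the cookie Secure (and HttpOnly) so the browser never sends it in the clear. As an added example (not code from Stefan Fouant's article), the block below shows both sides of that: a passive check over captured requests that lists which session cookies crossed the wire unencrypted, and an audit of a Set-Cookie header for the attributes that prevent it. The captured requests, cookie names and the name patterns treated as "session-like" are constructed assumptions.

```python
"""Audit session-cookie exposure of the kind Firesheep exploits.

Added example, not from the article. CAPTURES and the SESSION_NAME_RE
patterns are constructed assumptions; real captures would come from a
sniffer such as tcpdump on the same network segment.
"""
import re

# Cookie names that typically carry an authenticated session (assumed patterns).
SESSION_NAME_RE = re.compile(r"(sess|sid|auth|token|login)", re.IGNORECASE)


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers).

    headers maps lowercased names to a list of values, since Cookie may repeat."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            k, v = line.split(":", 1)
            headers.setdefault(k.strip().lower(), []).append(v.strip())
    return method, target, headers


def cleartext_session_cookies(captures):
    """captures: list of (plaintext: bool, raw_request).

    Returns (host, cookie_name) pairs for session-looking cookies that a
    passive sniffer could have read. TLS captures are skipped: the sniffer
    sees only ciphertext there, which is the whole point of the Secure flag."""
    exposed = []
    for plaintext, raw in captures:
        if not plaintext:
            continue
        _, _, headers = parse_request(raw)
        host = headers.get("host", ["?"])[0]
        for cookie_header in headers.get("cookie", []):
            for chunk in cookie_header.split(";"):
                name = chunk.strip().split("=", 1)[0]
                if name and SESSION_NAME_RE.search(name):
                    exposed.append((host, name))
    return exposed


def audit_set_cookie(header_value):
    """Return a list of findings for one Set-Cookie header value ([] means OK).

    Only session-looking cookies are judged; a language preference without
    Secure is not a sidejacking risk."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    findings = []
    if SESSION_NAME_RE.search(name):
        if "secure" not in attrs:
            findings.append("missing Secure: browser will also send it over plain HTTP")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly: readable by injected script")
        if "samesite" not in attrs:
            findings.append("missing SameSite: sent on cross-site requests")
    return findings


# Constructed captures: (was_plaintext, raw request). Not real traffic.
CAPTURES = [
    (True, "GET / HTTP/1.1\r\nHost: social.example.com\r\n"
           "Cookie: sessionid=abc123; lang=en\r\n\r\n"),
    (False, "GET /inbox HTTP/1.1\r\nHost: mail.example.com\r\n"
            "Cookie: auth_token=zzz\r\n\r\n"),
    (True, "GET /img/logo.png HTTP/1.1\r\nHost: static.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for host, name in cleartext_session_cookies(CAPTURES):
        print("exposed session cookie %s on %s" % (name, host))
    for hdr in ["sessionid=abc123; Path=/",
                "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]:
        print(hdr, "->", audit_set_cookie(hdr) or "OK")
```

Note the asymmetry the article's title alludes to: only the social-site request, sent in plaintext, is exposed, while the webmail request carrying `auth_token` over TLS is not, even though it was on the same network. Sidejacking is defeated by the cookie never being sent in the clear, not by the login page being HTTPS.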


Securing Java Apps with Smart Cards and Single-Sign-On

December 08, 2010 Added by:Daniel Doubrovkine

The advantages of this method are clear. There aren’t any usernames or passwords exchanged and the modern versions of the security protocols are not vulnerable to brute-force or man-in-the-middle attacks. The enterprise can roll out stronger authentication without changing the applications...

Comments  (0)


Is Your VOIP Secure?

December 07, 2010 Added by:Simon Heron

VOIP has tremendous benefits for business users – which include cost savings and greater productivity – but like anything else it comes with associated security risks for the corporate network, and these risks must be identified prior to VOIP being rolled out...

Comments  (0)


W3C Buries Web SQL Database Standard

December 03, 2010 Added by:Rafal Los

Although I keep saying that things are most secure when they're simple, the new specification is orders of magnitude more complex - more documentation, moving parts, bits - than the Web SQL Database, which had security as a principle. What could possibly go wrong, right?

Comments  (0)


Small Office, Big Software and eHealth Problems

November 28, 2010 Added by:Rafal Los

So you're stuck between the proverbial rock and a hard place, right? You can't afford commercial apps, which at least come with the luxury of risk transference - and you can't afford to do the right thing and see for yourself... or can you?

Comments  (0)


Alert: New OpenSSL Vulnerability

November 18, 2010 Added by:Brent Huston

A new security issue in OpenSSL should be on the radar of your security team. Stunnel and Apache are NOT affected; many other packages appear to be. The issue allows denial of service and possibly remote code execution. Patches for OpenSSL and packages that use it are starting to roll in...

Comments  (0)


Secure Coding and Application Vulnerability Scanning

November 08, 2010 Added by:PCI Guru

There is a lot of confusion regarding secure coding standards and application vulnerability scanning requirements 6.5 and 6.6. First, let us talk about the intent of these requirements. The overall intent of both of these standards is to stop insecure applications from being placed in production...

Comments  (0)


DDoS Attacks Aim to Censor Human Rights Groups

November 02, 2010 Added by:Anthony M. Freed

A rash of DDoS attacks were levied against the websites of at least six human rights organizations in an attempt at cyber censorship for the airing of controversial video footage that allegedly shows human rights abuses on the part of the Indonesian government against several Papuan civilians...

Comments  (1)


Social Networking and Mobile Security

October 06, 2010 Added by:Mark Gardner

The Twitter Worm, Facebook service failure, and then just recently Foursquare was down; in a short space of time each of the major social networks has suffered either attack or at least publicized technical difficulties. As I have said, this to me is too much of a coincidence...

Comments  (0)


Real Time Social Media Monitoring and Correlation

September 29, 2010 Added by:Heather Howland

The Internet has revolutionized how individuals and corporations interface with each other, and now social networks are revolutionizing how we interface with the Internet. Unfortunately, these innovations have come at a tremendous cost to enterprise security efforts...

Comments  (0)


Am I an Admin? Railgun Script Review

September 25, 2010 Added by:Rob Fuller

Being that Shell32.dll isn’t included in Railgun by default we have to add it. After writing it I decided to add some checks. These checks make sure that each piece of the script isn’t already loaded. It’s a good reference for doing this in the future...

Comments  (0)
