Web App Security

Af7244bb99debb4a1152fa49a993a05c

Black Hat Conference Talk on How to Break Tor Cancelled

July 22, 2014 Added by:Eduard Kovacs

Organizers of the Black Hat security conference that's scheduled to take place next month in Las Vegas announced that a presentation detailing how the Tor network's users can be de-anonymized has been cancelled.

Comments  (0)

306708aaf995cf6a77d3083885b60907

DHS Mistakenly Releases 840-pages of Critical Infrastructure Documents

July 09, 2014 Added by:Mike Lennon

The U.S. Department of Homeland Security (DHS) has released hundreds of documents, some of which contain sensitive information and potentially vulnerable critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request about a cyber-security attack.

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Choosing the Right Entry Point for a Software Security Program

June 30, 2014 Added by:Rafal Los

The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Software Security: An Imperative to Change

June 05, 2014 Added by:Rohit Sethi

Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Quick and Easy Website Vulnerability Scans with OWASP-ZAP

June 05, 2014 Added by:Dan Dieterle

OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Proactively Hardening Systems: Application and Version Hardening

May 20, 2014 Added by:Tripwire Inc

If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.

Comments  (0)

9fb165a9b7dfef2a9f8ac7d69b22a42c

Heartbleed – How Did Internet Security Almost Bleed Out?

May 13, 2014 Added by:Vince Kornacki

Can we guarantee that Heartbleed will never happen again? No. Application code is still written by humans, so mistakes will be made. They are inevitable. However, it is crucial that the technology industry learns from Heartbleed in order to improve processes surrounding protocol design, software development, and vulnerability disclosure.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Heartbleed, Open Source and Open Sores

May 08, 2014 Added by:Tripwire Inc

Now that things are settling down after Heartbleed, I think about some of the conversations I’ve had about OpenSSL and open source software over the past couple of weeks.

Comments  (1)

Ffc4103a877b409fd8d6da8f854f617e

New IE Zero-Day Used in Attacks Against Defense, Financial Sectors

April 27, 2014 Added by:InfosecIsland News

Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Heartbleed Should Give You Cardiac Arrest

April 09, 2014 Added by:Tripwire Inc

Estimates are over 66% of active websites on the internet may be vulnerable to this bug, found in OpenSSL, an open source cryptographic library used in the Apache web server and ignx when creating communications with users.

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Websites Must Use HSTS in Order to Be Secure

April 07, 2014 Added by:Electronic Frontier Foundation

So why haven't more websites enabled HSTS? The biggest reason, we fear, is that web developers just don't know about it.

Comments  (0)

Fafdf1720f4df1d41c6eacbd2429a06b

Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease?

April 01, 2014 Added by:Tal Be'ery

One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the...

Comments  (0)

76e662e7786bf88946bd6c010c03ac65

We Have to Find Ways to Reinforce Trust

March 29, 2014 Added by:Jarno Limnéll

We are losing the battle for cyberspace. Not because malicious actors are taking over the digital world, but because we are forgetting what is the element that makes us feel safe and secure in any world: the ability to trust.

Comments  (0)

37c1b0270687e8148e56508e805f8b8e

The Windows XP Rundown is Really About Security

March 18, 2014 Added by:Praveen Manohar

Now is an appropriate time to discuss the implications of the end of XP support and explore what the rundown is really all about: security.

Comments  (0)

65c1700fde3e9a94cc060a7e3777287c

Zero Trust and the Age of Global Connectivity

February 27, 2014 Added by:Simon Moffatt

The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.

Comments  (0)

306708aaf995cf6a77d3083885b60907

Apple Fixes iOS SSL Validation Flaw That Enables Man-in-the-Middle Attacks

February 21, 2014 Added by:Mike Lennon

Apple has released iOS 7.0.6 which patches a flaw in iOS that enables a man-in-the-middle attack of encrypted (SSL) connections

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »