Web App Security
October 09, 2012 Added by: Mikko Jakonen
How come banks are telling people to maintain their security better, without putting their OWN reputation and capabilities in line with the DIRECT consequences of the change paradigm towards ‘webalized’ approach we have witnessed for years, has now resulted as poor operational security...
October 07, 2012 Added by: Electronic Frontier Foundation
Three more NSA whistleblowers, including William Binney a former high ranking official involved with the program during its infancy, also submitted affidavits laying out how the NSA illegally spied on Americans in the aftermath of 9/11...
October 04, 2012 Added by: Jeremy Sobeck
As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than 9 to 15 million systems...
October 03, 2012 Added by: Electronic Frontier Foundation
The Fourth Amendment has not kept up with technology. And a recent case decided by the Ninth Circuit Court of Appeals highlights the increasing way rights are adjudicated when it comes to data stored by other companies: through the service agreement a user enters into with a company...
September 30, 2012 Added by: Electronic Frontier Foundation
Congress needs to know that the Internet is watching and that users won’t sit on the sidelines as technology intended to connect us and bring knowledge to people worldwide is turned against us for the purposes of censorship and surveillance...
September 25, 2012 Added by: Electronic Frontier Foundation
EFF and other digital rights advocates are continuing to fight for Do Not Track, a one-click browser-based signal users can turn on to tell websites not to track their online browsing habits. In this article, we’ll be reviewing recent Congressional hearings about online tracking...
September 24, 2012
Attackers take advantage of any externally facing web application. If you think about a web application is not mission because it’s not touching data and if there is a SQL Injection vulnerability that exists in there attackers can use that to gain a foothold inside the network...
September 23, 2012 Added by: Electronic Frontier Foundation
The House voted to renew the dangerous FISA Amendment Act which hands the NSA broad, warrantless surveillance powers for another five years. Sadly, the House refused to add any oversight powers or privacy protections, despite evidence the NSA has used it to spy on Americans...
September 20, 2012 Added by: Electronic Frontier Foundation
Since its origins in 2008, Freedom Not Fear has developed the general message: fundamental rights like privacy, free expression, due process, and democratic participation are jeopardized when reactionary, fear-driven surveillance systems penetrate our societies...
September 18, 2012 Added by: Dan Dieterle
Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...
September 17, 2012 Added by: Electronic Frontier Foundation
Rather than waiting for bad legislation, Wikipedians should take this opportunity to make one relatively small technical change that could serve as a bulwark against all kinds of government surveillance, filtering and data retention laws...
September 12, 2012 Added by: Electronic Frontier Foundation
"Disciplines related to IPR could impact how people gain access to the Internet and could constrain what people may say online or how they can collaborate and share content. It is imperative that the IPR chapter of the proposed TPP agreement not inappropriately constrain online activity..."
September 10, 2012 Added by: Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...
September 08, 2012 Added by: Fergal Glynn
What applications should you be testing? Just because the discovery process identifies 300 web applications doesn’t mean that you’d want to test the 30 that clearly should be decommissioned...
September 08, 2012 Added by: Joel Harding
No computer in the world is safe from a determined hacker. Most of us don’t properly secure our computer, our smart phone, or even our wallets. So how in the heck does storing your credit and debit card information “in the cloud” help you secure your already vulnerable information?
September 05, 2012 Added by: Fergal Glynn
When dynamic scanning engines were first designed they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed, every Internet facing application is now a potential attack surface...