Vulnerabilities

What We Know About Shellshock and Why the Bash Bug Matters

September 26, 2014 Added by:InfosecIsland News

Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
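
Added here as a worked check, not code from the Infosec Island article: a POSIX shell function that tells you whether the bash on PATH still has the original Shellshock parsing bug. Vulnerable versions import any environment variable whose value begins with "() {" as a function definition and keep executing what follows the closing brace; CGI servers export request headers as environment variables (User-Agent becomes HTTP_USER_AGENT), which is why a header an attacker controls turned into remote code execution. The payload and the variable name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): local check for the original
# Shellshock bug. A vulnerable bash imports any environment variable whose value
# starts with "() {" as a function and keeps parsing past the closing brace, so
# a command appended after it runs when bash starts. CGI servers copy request
# headers into the environment (User-Agent -> HTTP_USER_AGENT), so an attacker
# who controls a header controls what any bash spawned by the handler executes.

# shellshock_status
# Prints exactly one word: vulnerable, patched, or no-bash (bash not installed).
shellshock_status() {
  command -v bash >/dev/null 2>&1 || { echo no-bash; return 0; }
  # Constructed payload in the shape a malicious User-Agent header would take.
  # "() { :;}" is a harmless no-op function body; everything after "};" is the
  # smuggled command. A patched bash does not execute the trailing command
  # (some fixes warn about it on stderr, which we discard).
  marker=SHELLSHOCK_MARKER
  out=$(env "HTTP_USER_AGENT=() { :;}; echo $marker" bash -c ':' 2>/dev/null)
  case "$out" in
    *"$marker"*) echo vulnerable ;;
    *)           echo patched ;;
  esac
}

# Stand-alone use: print the verdict for the bash found on PATH.
printf 'bash on PATH: %s\n' "$(shellshock_status)"
```

Run it on any host that fronts bash with CGI, cron wrappers or SSH forced commands; "patched" only covers the first bug, so keep the distribution's bash package current rather than relying on this single probe.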

A Fresh Approach to Building an Application Security Program

September 18, 2014 Added by:Rohit Sethi

All too often, we have seen organizations invest in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self-optimizes only for the risks that scanners are able to catch.

CERT Pudding and the War on Bad SSL

September 10, 2014 Added by:Tripwire Inc

SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.

Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems

August 19, 2014 Added by:Mike Lennon

TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.

More Dot-Gov Sites Found Compromised

August 19, 2014 Added by:Malwarebytes

With the number of .gov sites we have seen that are insecure, it pays for users to be careful of potential risks they may encounter when visiting them.

Is EMET Dead?

August 18, 2014 Added by:Tripwire Inc

Exploit mitigation techniques have come a long way.

White House Website Includes Unique Non-Cookie Tracker, Conflicts With Privacy Policy

July 23, 2014 Added by:Electronic Frontier Foundation

According to the researchers, over 5,000 sites include the canvas fingerprinting, with the vast majority from AddThis.

DHS Mistakenly Releases 840-pages of Critical Infrastructure Documents

July 09, 2014 Added by:Mike Lennon

The U.S. Department of Homeland Security (DHS) has released hundreds of documents, some of which contain sensitive information and potentially vulnerable critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request about a cyber-security attack.

Choosing the Right Entry Point for a Software Security Program

June 30, 2014 Added by:Rafal Los

The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.

Quick and Easy Website Vulnerability Scans with OWASP-ZAP

June 05, 2014 Added by:Dan Dieterle

OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.

Proactively Hardening Systems: Application and Version Hardening

May 20, 2014 Added by:Tripwire Inc

Whereas configuration hardening settings are “conditional,” meaning they must find and keep a balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.

Heartbleed – How Did Internet Security Almost Bleed Out?

May 13, 2014 Added by:Vince Kornacki

Can we guarantee that Heartbleed will never happen again? No. Application code is still written by humans, so mistakes will be made. They are inevitable. However, it is crucial that the technology industry learns from Heartbleed in order to improve processes surrounding protocol design, software development, and vulnerability disclosure.

Heartbleed, Open Source and Open Sores

May 08, 2014 Added by:Tripwire Inc

Now that things are settling down after Heartbleed, I think about some of the conversations I’ve had about OpenSSL and open source software over the past couple of weeks.

New IE Zero-Day Used in Attacks Against Defense, Financial Sectors

April 27, 2014 Added by:InfosecIsland News

Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.

Heartbleed Should Give You Cardiac Arrest

April 09, 2014 Added by:Tripwire Inc

Estimates are that over 66% of active websites on the internet may be vulnerable to this bug, found in OpenSSL, an open source cryptographic library used by the Apache and nginx web servers when establishing encrypted communications with users.

Websites Must Use HSTS in Order to Be Secure

April 07, 2014 Added by:Electronic Frontier Foundation

So why haven't more websites enabled HSTS? The biggest reason, we fear, is that web developers just don't know about it.
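
Added here as a worked check, not code from the EFF post: a POSIX shell function that grades the HSTS policy in a block of raw HTTP response headers (what `curl -sI https://host` prints). The thresholds are assumptions chosen for this example, a one-year max-age and the includeSubDomains directive, because a short max-age lets the policy lapse and a policy without includeSubDomains leaves cookies on subdomains exposed. The sample responses are constructed, not captured from any real site.

```shell
#!/bin/sh
# Added example (not from the EFF post): grade the Strict-Transport-Security
# header in raw HTTP response headers, e.g. the output of `curl -sI https://host`.
# Thresholds are assumptions for this example: a one-year max-age (31536000 s)
# and includeSubDomains, the values commonly recommended for a durable policy.
HSTS_MIN_AGE=31536000

# hsts_status HEADERS [MIN_AGE]
# Prints exactly one word:
#   missing   - no Strict-Transport-Security header at all
#   malformed - header present but no numeric max-age directive
#   short     - max-age below MIN_AGE (policy expires too quickly)
#   partial   - max-age fine but includeSubDomains absent
#   ok        - max-age >= MIN_AGE and includeSubDomains present
hsts_status() {
  headers=$1
  min_age=${2:-$HSTS_MIN_AGE}
  # Normalise: drop CRs, lower-case, keep only the first HSTS header line.
  hdr=$(printf '%s\n' "$headers" | tr -d '\r' | tr '[:upper:]' '[:lower:]' \
        | grep '^strict-transport-security:' | head -n 1)
  if [ -z "$hdr" ]; then echo missing; return 0; fi
  age=$(printf '%s\n' "$hdr" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$age" ]; then echo malformed; return 0; fi
  if [ "$age" -lt "$min_age" ]; then echo short; return 0; fi
  case "$hdr" in
    *includesubdomains*) echo ok ;;
    *)                   echo partial ;;
  esac
}

# Constructed sample responses (not captured from any real site).
GOOD='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html'

WEAK='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Content-Type: text/html'

NONE='HTTP/1.1 200 OK
Content-Type: text/html'

# Stand-alone use: grade each sample.
for name in GOOD WEAK NONE; do
  eval "sample=\$$name"
  printf '%-4s %s\n' "$name" "$(hsts_status "$sample")"
done
```

Only "ok" means browsers will keep refusing plain HTTP for the whole domain tree for a year; "missing" on the HTTPS origin (the header is ignored on plain HTTP responses) is the state the post is complaining about.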
