Surviving The Week | Man Vs WebApp

Surviving the Week 2/1/13 – Ruby on Rails – JSON Parser Vulnerability

February 7, 2013 Dan Kuykendall 0

Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is […]

Surviving the Week 12/21/12

December 21, 2012 Dan Kuykendall 0

HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The […]

Surviving the Week 12/7/12, PayPal Fixes Trio of Remote-Access Vulnerabilities

December 7, 2012 Dan Kuykendall 0

Detecting Successful XSS Testing with JS Overrides with ModSecurity The following link demonstrate a proof of concept that uses ModSecurity to add defensive Javascript to […]

Surviving the Week 11/23/12, PCI Security Standards Council Adds Guidelines

November 23, 2012 Dan Kuykendall 0

PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment PCI Security Standards Council released guidelines for DSS risk assessment. There are three […]

Surviving the Week 11/16/12, Not a Great Week for Password Protection

November 16, 2012 Dan Kuykendall 0

Not a Great Week for Password Protection Earlier in the week, we saw Twitter forcing users to change their password due to some password loss. […]

Surviving the Week 11/9/12, NBC and Coca Cola hacked this week

November 9, 2012 Dan Kuykendall 0

Couple of Major hacks this week – NBC and Coca Cola A number of NBC sites were hacked this week. There is no official news […]

Surviving the Week 11/2/12, Ford website hacked by NullCrew

November 5, 2012 Dan Kuykendall 0

We’re a bit late this week on our Surviving the Week post, because we’ve been busy with our recent product launch of NTOSpider 6. During […]

Surviving the Week 10/26/12, XSS reported as most frequent attack type

October 29, 2012 Dan Kuykendall 0

Redirect flaw on .gov sites leaves open door for phishers At least 20,000 users have fallen victim to a spam campaign that uses shortened links […]

Surviving the Week 10/19/12

October 22, 2012 Dan Kuykendall 0

Security Flaw Found in Steam Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system […]

Surviving the Week 10/12/12, The cloud is a scary place

October 12, 2012 Dan Kuykendall 0

The Cloud is a Scary Place Security lapses in XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such […]

Surviving the Week 10/5/12, Enterprises Struggle With Business Logic Attacks, Survey Finds

October 6, 2012 Dan Kuykendall 0

Enterprises Struggle With Business Logic Attacks, Survey Finds A new survey emphasizes how business logic attacks can slip under the radar of development teams and […]

Surviving the Week 9/28/12

September 30, 2012 Dan Kuykendall 0

Passwords of 100k IEEE members lie bare on FTP server IEEE uses Akamai for content delivery. A FTP directory server was discovered which contained log […]

Surviving the Week 9/21/12

September 21, 2012 Dan Kuykendall 0

2012 HouSecCon, 10/11/2012 (in Houston) HouSecCon is coming up – October 11th in Houston. The agenda is shaping up with a bunch of hot topics […]

Surviving the Week 9/14/12

September 16, 2012 Dan Kuykendall 0

Surviving SQL Injection (link to free SQL Injection tool) SQLInjection continues to be in the news each week. Despite the fact that it the most […]

Surviving the Week 9/7/12

September 8, 2012 Dan Kuykendall 0

A Number of Exploits Including SQL Injection, XSS, and Authentication Bypass This week, researchers found some remarkable vulnerabilities including Remote code execution, SQL Injection, and […]

Surviving the Week 8/31/12

September 2, 2012 Dan Kuykendall 0

XSS: Gaining Access to HttpOnly Cookie Using the method getHeaderField in the Java HTTP API, any applet can access cookies with the HttpOnly flag set. […]

Surviving the Week 8/24/12

August 25, 2012 Dan Kuykendall 0

Get Off Your AMF and Don’t REST On JSON At “BSides Los Angeles“, I presented on “Get off your AMF and don’t REST on JSON”. […]

Surviving the Week 08/17/12

August 19, 2012 Dan Kuykendall 0

Sorry readers, last week’s post was missed due to an overwhelming amount of work both on the professional and personal areas. Thank you for holding […]

Surviving the Week 8/10/12

August 15, 2012 Dan Kuykendall 0

Web Apps Experience 2,700+ Attacks Per Year In a recent study, Imperva found that the average application can expect attack incidents 120 days per year […]

Surviving the Week 8/3/12

August 5, 2012 Dan Kuykendall 0

HTML5 Top 10 Attacks Last week at Blackhat, our team member Shreeraj Shah presented on threats against HTML5. The talk discussed the Top 10 Threats […]

Surviving the Week 07/27/2012

July 28, 2012 Dan Kuykendall 0

CodeIgniter 2.1.1 Cross Site Scripting Bypass CodeIgniter is an open source Web Application Framework that helps authors write PHP applications. Version 2.1.1 of CodeIgniter suffers […]

Survivng the Week 7/20/2012

July 22, 2012 Dan Kuykendall 0

Black Hat 2012 Coverage Dark Reading put together a list of interesting talks to headline at Black Hat this year. Check out their preview links. […]

Surviving the Week 7/13/12

July 14, 2012 Dan Kuykendall 0

Nvidia developer forums had been hacked, 400,000 user account compromised. More games with “Who’s got the biggest bounty?” 400,000 is fairly respectable. Remember back in […]

Huge SQL injection knowledge base NTObjectives released a SQL Injection cheat sheet which can be found at http://www.ntobjectives.com/go/sql-injection-cheat-sheet/, A more comprehensive knowledge base of SQL injection […]

Surviving the Week 6/29/2012

June 30, 2012 Dan Kuykendall 0

Code Execution Vulnerability in Microsoft XML Core Services If you are calling “msxml3!_dispatchImpl::InvokeHelper” in your code, make sure to patch it. A vulnerability exists when […]