Surviving the Week 2/1/13 – Ruby on Rails – JSON Parser Vulnerability
Ruby on Rails – JSON Parser Vulnerability The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is buggy. The fix delivered replaces the YAML backend (yaml.rb) which...
Why are we still vulnerable to side-channel attacks? (and why should I care?)
2013 B-Sides San Francisco Talk Summary Series This was a great talk given by Jasper Van Woudenberg, from Riscure. Whenever I attend these talks, I always include a couple that are pure indulgence to...
OWASP Top 10 List Maturing – Evidenced by Minor Changes
The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was...
Eight Reasons Why SQL Injection Vulnerabilities Still Exist: A Developer’s...
Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it comes to writing secure code, many of which are out...
Four Reasons Security Teams Can’t Stop SQL Injection Vulnerabilities
SQL injection vulnerabilities have threatened application security for years. So why are they still quite common, despite the fact that we, as an industry, should know how to prevent them? Clearly, if...
Mobile Application Security: Think Twice Before Placing Football Bets
Have you heard about the vulnerability in the Yahoo! Fantasy Football app? If Knowshon Moreno’s performance on Monday against the Oakland Raiders got you down, you might want to read this warning to...
Webcast: SQL Injection Vulnerabilities Hidden in New Places
Why are your applications still suffering from SQL Injection Vulnerabilities? Even though we know so much about SQL Injection, we have a perfect storm brewing for serious security problems in many...
Mobile application security testing – fast and easy!
Mobile application security testing: Four words that, for many security professionals, elicit a nagging feeling that comes from knowing the challenge is imminent if not already present, yet very...
Mobile Application Security 101
Mobile Applications – Still Insecure Businesses are racing to meet the demands for mobile applications, yet mobile application security is an afterthought, just as web application security was when web...
The Bash Bug, In a Nut-Shellshock
As you probably know by now, a bug, named Shellshock or “The Bash Bug” has been discovered in a version of Bash, which is a command shell tool. The bug leaves millions of websites and computers open to...
Shellshock Bash Bug – 8 Important Lessons
While Shellshock has been all over Twitter and talked about on prominent news outlets, I’m still shocked that there is comparatively less press coverage than there was for Heartbleed which was a...
NTOSpider 6.4 Now Available!
We are excited to announce a host of enhancements to NTOSpider that will further assist you in testing more of your applications in less time. Our mission is and has always been to create the most...
SSL Poodle Check Added to NTOSpider
This week’s “big hack” everyone is yapping about is the POODLE flaw in Secure Socket Layer (SSL 3.0). The hack is a bad one, when the attacker can get man-in-the-middle to set it up, but the need for...
Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing...
At the recent OWASP AppSecUSA in Denver, Daniel Peck of Barracuda Networks put together this presentation for those interested in phishing detection, or for anyone with nostalgia for Dr. Seuss. Peck...
Taking Aim at Google’s Firing Range
This week a developer from Google released a new vulnerable test app named “Firing Range” which I have been digging into for the last few days. This has been of particular interest because of course I...
Announcing Hackazon! The first vulnerable web test application to enable...
We are excited to announce the release of the first vulnerable web application built with web 2.0 and mobile client technologies. Hackazon is a “fake app” test site which replicates an on-line...
AppSec Cali: Hackazon – Stop Hacking Like It’s 1999!
I’m looking forward to reconnecting with everyone next week at AppSec California. I hope you’ll join me for my talk, Hackazon – Stop Hacking Like It’s 1999! In this talk, I’ll give a detailed overview...
C’mon back to Cali! OWASP AppSec California This Week!
I’m looking forward to seeing everyone next week at OWASP AppSec California in Santa Monica and hearing some of the great talks planned, but I’m mostly interested to see if Zach Lanier wears the same...