Channel: Attack Types – Man Vs WebApp
Browsing all 27 articles

Surviving the Week 2/1/13 – Ruby on Rails – JSON Parser Vulnerability

Ruby on Rails – JSON Parser Vulnerability: The JSON parser which converts JSON into YAML and in turn hands over to the YAML parser is buggy. The fix delivered replaces the YAML backend (yaml.rb) which...

Why are we still vulnerable to side-channel attacks? (and why should I care?)

2013 B-Sides San Francisco Talk Summary Series: This was a great talk given by Jasper Van Woudenberg, from Riscure. Whenever I attend these talks, I always include a couple that are pure indulgence to...

OWASP Top 10 List Maturing – Evidenced by Minor Changes

The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was...

Eight Reasons Why SQL Injection Vulnerabilities Still Exist: A Developer’s...

Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it comes to writing secure code, many of which are out...

Four Reasons Security Teams Can’t Stop SQL Injection Vulnerabilities

SQL injection vulnerabilities have threatened application security for years. So why are they still quite common, despite the fact that we, as an industry, should know how to prevent them? Clearly, if...

Mobile Application Security: Think Twice Before Placing Football Bets

Have you heard about the vulnerability in the Yahoo! Fantasy Football app? If Knowshon Moreno’s performance on Monday against the Oakland Raiders got you down, you might want to read this warning to...

Webcast: SQL Injection Vulnerabilities Hidden in New Places

Why are your applications still suffering from SQL Injection Vulnerabilities? Even though we know so much about SQL Injection, we have a perfect storm brewing for serious security problems in many...

Mobile application security testing – fast and easy!

Mobile application security testing: Four words that, for many security professionals, elicit a nagging feeling that comes from knowing the challenge is imminent if not already present, yet very...

Mobile Application Security 101

Mobile Applications – Still Insecure: Businesses are racing to meet the demands for mobile applications, yet mobile application security is an afterthought, just as web application security was when web...

The Bash Bug, In a Nut-Shellshock

As you probably know by now, a bug, named Shellshock or “The Bash Bug” has been discovered in a version of Bash, which is a command shell tool. The bug leaves millions of websites and computers open to...

Shellshock Bash Bug – 8 Important Lessons

While Shellshock has been all over Twitter and talked about on prominent news outlets, I’m still shocked that there is comparatively less press coverage than there was for Heartbleed which was a...

NTOSpider 6.4 Now Available!

We are excited to announce a host of enhancements to NTOSpider that will further assist you in testing more of your applications in less time. Our mission is and has always been to create the most...

SSL Poodle Check Added to NTOSpider

This week’s “big hack” everyone is yapping about is the POODLE flaw in Secure Socket Layer (SSL 3.0). The hack is a bad one, when the attacker can get man-in-the-middle to set it up, but the need for...

Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing...

At the recent OWASP AppSecUSA in Denver, Daniel Peck of Barracuda Networks put together this presentation for those interested in phishing detection, or for anyone with nostalgia for Dr. Seuss. Peck...

Taking Aim at Google’s Firing Range

This week a developer from Google released a new vulnerable test app named “Firing Range” which I have been digging into for the last few days. This has been of particular interest because of course I...

Announcing Hackazon! The first vulnerable web test application to enable...

We are excited to announce the release of the first vulnerable web application built with web 2.0 and mobile client technologies. Hackazon is a “fake app” test site which replicates an on-line...

AppSec Cali: Hackazon – Stop Hacking Like It’s 1999!

I’m looking forward to reconnecting with everyone next week at AppSec California. I hope you’ll join me for my talk, Hackazon – Stop Hacking Like It’s 1999! In this talk, I’ll give a detailed overview...

C’mon back to Cali! OWASP AppSec California This Week!

I’m looking forward to seeing everyone next week at OWASP AppSec California in Santa Monica and hearing some of the great talks planned, but I’m mostly interested to see if Zach Lanier wears the same...
