The critical Web-based systems that are going untested and unsecured

I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is an area of security that doesn’t get near the attention it deserves – especially …

Securing FTP Running on Your Web Server

I’ve had several questions from clients recently on how they can secure FTP running on their web servers. The easy and short-sighted response would be “Are you nuts? You need to run FTP on a dedicated server!” However, looking …

Good Web Security Tools and Why They Matter

Like chemists, carpenters and doctors, those of us working in IT need good tools if we’re expected to do a good job. When dealing with application security, good security testing tools will always set the professionals apart from the amateurs. …

Don't Forget Your Marketing Website Security

I recently read about a marketing agency that experienced a security breach and subsequent defacement of its customers’ websites. Apparently their developers had misconfigured the web server and unknowingly gave the whole world access to change any and all content …

Why people violate security policies

Many organizations have a formal set of information security policies covering everything from acceptable internet usage to security in software development to web application security. In fact, it’s hard to come across a business today that doesn’t have at least …

Not All Web Vulnerability Scans Are Created Equal

Recently a client of mine sent over the results of a web vulnerability scan that one of their customers had run against their production web environment. My client was curious why the results of this third-party scan were different from …

VIDEO: How Cross-Site Scripting (XSS) Works

XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not make them any less effective or deadly. XSS and SQL Injection attacks are similar in the way they inject malicious code. …

Improving Web Security by Working With What You’ve Got

As I wrote about in a previous post, we’re in the era of cutting back – if not completely eliminating – all non-essential expenditures. The thing is, what may seem to be non-essential to management may actually be essential to the …

Explaining the “why” of Web application security

Looking at the bigger picture of application security, it seems that no one else really hears us. Sure, product managers, marketing, legal, HR and even certain people in management say they understand what’s at stake. But are they really on …