How Aware Do We Have to be Not to Fall for the Bad Guys' Antics?

Criminal hackers are getting more and more creative in their phishing and social engineering attacks on the web. This not only puts your website in the crosshairs but also your own personal information. A common question that comes up is: …

What's the Best Way to Find Web Security Flaws?

With all of the potential ways the bad guys can exploit websites (literally thousands), many people want to know what the best way is to actually uncover these flaws. Well, there’s no magic-bullet answer; however, generally speaking, Web flaws …

Should you Test Development, Staging or Production?

You’ve heard me say that planning is half the battle with Web security assessments. I’m finding that more and more people are on board with thinking things through in advance, but there’s still one area that’s not getting the attention …

Why Web Security is Not Just IT’s Problem

What’s your take on Web security? Do you see it as one of those techie things that other people should be handling? Or do you see it as your responsibility to ensure everything associated with your Web presence is in …

Web Security Tip of the Week: Why Do Hacker Attacks Happen?

Criminal hackers have it made. They know that many people don’t get – or completely ignore – online security. This attitude from many is at the core of why we experience web security issues. But, as problematic as the human …

htaccess files should not be used for security restrictions

According to Apache documentation: .htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to …

What if We Held Ourselves to the Security Certification Standards?

Confidentiality, compensating controls, and risk transference are just a few of the core information security concepts covered by the CISSP exam – concepts that also happen to impact Web application security. Having recently completed the technical edits for a CISSP exam …

Take Care in Handling the Results of Your Web Application Testing

How do you handle your web application testing, vulnerability scans, test data and related security assessment reports? I’ve found that this is something that doesn’t get a lot of attention in web application security circles but is still impactful to the business. It’s …

Web Security Tip of the Week: Understanding Why WordPress has Vulnerabilities

Did you know that if a system has an IP address or a URL, then it’s fair game for attack from a hacker? That’s been the universal law and it always will be. So why is it that WordPress security …