Web Security Tip of the Week: Why Do Hacker Attacks Happen?

Criminal hackers have it made. They know that many people don’t get – or completely ignore – online security. This attitude from many is at the core of why we experience web security issues. But, as problematic as the human …

htaccess files should not be used for security restrictions

According to Apache documentation: .htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to …

What if We Held Ourselves to the Security Certification Standards?

Confidentiality, compensating controls, risk transference are just a few of the core information security concepts covered by the CISSP exam – concepts that also happen to impact Web application security. Having recently completed the technical edits for a CISSP exam …

Take Care in Handling the Results of Your Web Application Testing

How do you handle your web application testing, vulnerability scans, test data and related security assessment reports? I’ve found that this is something that doesn’t get a lot of attention in web application security circles but is still impactful to the business. It’s …

Web Security Tip of the Week: Understanding Why WordPress has Vulnerabilities

Did you know that if a system has an IP address or a URL, then it’s fair game for attack from a hacker? That’s been the universal law and it always will be. So why is it that WordPress security …

Don’t Let Problems Stop You From Carrying Out Web Application Testing

Web security assessment success is directly related to the amount of preparation you do up front before you run a single web application test. It’s the 80/20 Rule: the 20 percent time and effort you put into planning for the assessment will represent …

The Consequences of Having a Hacked Website

Cybercrimes are at an all-time high, with hackers and identity thieves making a living from selling private or corporate data. If you have a hacked website, it can have far-reaching repercussions, especially if your website databases include your …

Windows Short (8.3) Filenames - A Security Nightmare?

Each time you create a new file on Windows, the operating system also generates an MS-DOS-compatible short file name in 8.3 format, to allow MS-DOS-based or 16-bit Windows-based programs to access files which have a long name. You can see these …

Do You Scan with Network Security Controls Enabled or Disabled?

As application security professionals, we want to get as much as possible out of our security assessments. We’re not only expected to but we’re proud of our work and want to provide the best results and most value possible. As …