VIDEO: How Cross-Site Scripting (XSS) Works

XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not make them any less effective or deadly. XSS and SQL Injection attacks are similar in the way they inject malicious code. The difference is that an SQL attack, injects code into the target database whereas an […]

Read More →

"Time to market" no longer the security excuse

If you’ve heard it once you’ve probably heard it a thousand times: time to market is critical. Indeed, when it comes to software development, many business executives, marketers, product managers and sales weasels live and breathe by this mantra. Just get it out the door and we’ll fix the stuff that needs fixing later. We’ve […]

Read More →

US Police Servers Breached in New Anonymous Attack

On the 31st of July 2011, the system administrator of Brooks-Jeffrey Marketing (BJM) was working on his newly upgraded servers. At exactly the same time a hacker was slowly sniffing his way through the same systems and picking up everything in his tracks. The hacker had rooted the system so deeply that he was able to report […]

Read More →

VIDEO: SQL Injection tutorial

SQL Injection is perhaps one of the most common application layer attack techniques used today, mainly used by malicious users to steal data from organizations. It is a type of attack that takes advantage of improper coding of your web applications that allows a malicious user to inject SQL commands into a form on your […]

Read More →

Properly Scoping your Web Security Assessments

I’ve heard experts in time management say that one minute of planning can save you five minutes in execution. This applies to so many things we do in IT and information security but I can’t think of anything more important than security testing. Applying the 80/20 rule to this scenario, the first 20 percent of […]

Read More →