Protecting Your Brand with a Secure Website

These days, everyone and their grandmother has a website or blog. It’s becoming more and more common for the average person to have a website, whether it’s for informational purposes or as a way to promote a product or service. Either way, there is a ton of competition on the web which results in higher […]


MySQL.com Victim of SQL Injection Attack

Introduction: On 27th March 2011, a message was posted on the popular Full Disclosure mailing list exposing a recent hack against the website mysql.com. This vulnerability was apparently also reported by a hacker called TinKode, who also claims to have found a cross site scripting attack on the same web site in January. SQL Injection […]


Preventing XSS Attacks

Cross Site Scripting (XSS) attacks are amongst the most common types of attacks against web applications. XSS attacks all fall under the same category; however, a more detailed look at the techniques employed during XSS operations reveals a multitude of tactics that exploit a variety of attack vectors. A detailed look at XSS attacks can be […]


Cross Site Scripting Attacks

Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross Site Scripting (also known as XSS or CSS) is generally believed to be one of the […]


You can't change what you tolerate

Attending a recent meeting I heard one of the speakers say “You can’t change what you tolerate.” Apparently it’s a quote from Cesar Millan (the dog whisperer) but it really struck a chord in me regarding web application security and overall information risk management. How can we possibly expect to make things better when we […]


How to Avoid the Google Blacklist

In the ‘old days’ – around 4 to 6 years ago, when the Google Blacklist was less of a news item – hackers were primarily interested in stealing customer data from websites. They would cause absolute havoc after breaking in, stealing anything from customer credit card details, usernames, addresses and other details to perpetuate identity fraud, […]


General Facts and Figures on Web Hacking

Facts about Web Application Hacking: Verizon Business conducted a 2009 study of 90 Web data breaches. The results of this study were presented in The Data Breach Investigative Report (DBIR) and included the following facts and figures: 285 million data records were exposed in the 90 data breaches, the equivalent of 9 exposures each second. […]


I wouldn’t want to be a developer these days

Are you a software developer? If so, I don’t envy you. Of all the possible positions working in and around IT, you’ve arguably got the toughest one. I’ve witnessed it over the years while performing my own security assessments as well as hearing about it from friends and colleagues who are developers. You’ve literally got […]
