PWC Global State of Information Security Survey 2016

PricewaterhouseCoopers have just published a report about cybersecurity. Not about the attacks and threats themselves, but about how businesses are tackling the risks. Titled the Global State of Information Security Survey 2016, its key findings relate to measures such as external collaboration and cybersecurity insurance. In summarising some of the main security strategies […]

Defence in depth and how it applies to web applications – Part 1

Information security generally refers to defending information from unauthorized access, use, disclosure, disruption, modification or deletion. Organizations constantly face threats that exist both externally and internally, be they from nation states, political activists, corporate competitors or even disgruntled employees. Defending an organization from these threats is hard because it […]

SQLi part 6: Out-of-band SQLi

Out-of-band SQL injection is not very common, mostly because it depends on features being enabled on the database server used by the web application. Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results. Out-of-band techniques offer an attacker an alternative to inferential […]

SQLi part 5: Inferential SQLi (Blind SQLi)

Inferential SQL injection, unlike in-band SQLi, may take longer for an attacker to exploit; however, it is just as dangerous as any other form of SQL injection. In an inferential SQLi attack, no data is actually transferred via the web application and the attacker would not be able to see the result of an attack […]

The Draft UK Investigatory Powers Bill

This week a draft ‘Investigatory Powers Bill’ was released by Home Secretary Theresa May and is receiving a great deal of media attention, being dubbed instead the UK ‘Surveillance Bill’. What’s it for? The bill is introduced as being for consolidation of all the laws governing communications data, in order to make it more straightforward […]

In the headlines: TalkTalk breach, Joomla and Drupal patches, CISA bill, 1000 KKK members, and more

TalkTalk breach could affect 4 million users. Another cellphone provider has hit the headlines with a breach; this time the UK provider TalkTalk. Following an attack which occurred in February, this latest breach happened last week and the company has admitted that not all stolen data was encrypted. Information stolen includes names, credit card details, […]
