Analysis of an Intrusion: Backdoors

The concept of “Backdoor” has seen many interpretations during the relatively short history of the Internet. Microsoft defines Backdoors as “A hidden entrance to a computer system that can be used to bypass security policies”, and, in essence, that is what they are. A Backdoor allows an attacker to access a remote computer, bypassing authentication […]

Read More →

Vulnerable Network Devices: A Growing Concern

Network devices, except maybe firewalls, are not usually perceived as security sensitive assets. Manufacturers and users do not invest time in assessing the security state of routers and switches. IT admins, handling business IT infrastructures, are mainly concerned with uptime when it comes to network devices. The usual tasks revolve around backup / restore of […]

Read More →

What You Don’t Know About Web Security CAN Hurt You

How secure is your web environment? You know, your business’ marketing website, your customer-facing web applications, your internal financials application, the various cloud services that process and store business assets, and so on. Many business executives don’t have the slightest idea about the security of these critical business systems. They view this as a technical […]

Read More →

Negative Impacts of Automated Vulnerability Scanners and How to Prevent them

Automated web application vulnerability scanners are constantly being used in order to automatically identify vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection on web applications. Although automated vulnerability scanners have become an indispensable tool for pen-testers and security consultants, they could sometimes have a negative impact on your scan target. An automated scan damaged […]

Read More →

The Results are in – Verizon 2014 Data Breach Investigations Report

The numbers are in… and cybercrime had quite an active 2013 according to Verizon’s 2014 Data Breach Investigations Report (DBIR) – one of the information security industry’s most prominent studies compiled from over 50 contributing organizations. This year’s report includes an array of security issues, from denial of service (DOS) attacks to web application attacks […]

Read More →

Key Web Application Security Metrics

How’s your web application security program measuring up today? If you’re like many people, you’re simply going through the motions of periodic vulnerability scans and problem resolution. It’s a vicious cycle that may or may not be delivering the results you’re looking for. Given all the time, effort, and money you put into web security […]

Read More →

Danger: Open Ports – Trojan is as Trojan does

Open ports are the doorways to your secure perimeter. Behind open ports, there are applications and services listening for inbound packets, waiting for connections from the outside, in order to perform their jobs. Security best practices imply the use of a firewall system that controls which ports are opened or closed on Internet-facing servers. Additionally, […]

Read More →

The Aftermath of the Heartbleed Bug

The Heartbleed bug, a security flaw in the popular OpenSSL library used for data encryption, has taken the web security world by storm, and the victim toll has started to rise. The first reported victims include the Canada Revenue Agency (with 900 social security numbers stolen) and Mumsnet, a popular UK website with over 1.5 […]

Read More →