National Weather Service Hacked

The National Weather Service has been hacked by the Kosova Hacker’s security group, leading to sensitive server information being leaked. The group managed to hack into the server using a Local File Inclusion (LFI) vulnerability in the weather.gov website. As the name denotes, Local File Inclusion (LFI) is the process of including a file or […]

Read More →

HTML Form Found in Redirect Page Web Vulnerability

When creating a password protected section for a website, such as an admin portal for a CMS solution, typically developers check if the user session is authenticated. If the user session is not authenticated, the user is redirect to the login page. Maybe because the lack of development experience, typically developers use the below sample code in […]

Read More →

What's the Best Way to Find Web Security Flaws?

With all of the potential ways the bad guys can exploit websites (literally thousands), many people want to know what the best way is to actually uncover these flaws. Well, there’s no magic bullet answer, however, generally speaking Web flaws can be discovered in one of two ways: Poking and prodding the website using manual […]

Read More →