The Cure for Many Web Application Security Ills

One of the things I’ve learned throughout my career is that many solutions to the problems we face in IT, security and software development can be found if we simply turn to business leaders to see how it’s done. In particular, I’m talking about a practice called zero-based thinking. A tool that’s been around for […]

The Rise of Backdoored WordPress Plugins

It all started a few months ago when I was visiting Lester Chan’s website looking for some information about one of his plugins. Lester Chan has written a good number of very popular WordPress plugins that are used by millions of people. Some of the most popular ones are WP-PageNavi, WP-DBManager, WP-PostRatings, WP-Polls and WP-PostViews. While […]

How to Avoid Being Hacked

Failing to protect your website and its contents can result in your site being hacked and exposed to vicious malware and trojans. Many web-based businesses have failed because of a lack of website security and there have been many cases of people having their personal information stolen as a result. Additionally, Google may blacklist your website […]

Going Beyond Confirmed Web Security Flaws

As I wrote in my previous post about low-hanging fruit and the 2011 Verizon Data Breach Report, I’m a strong believer in finding out where your Web systems are bleeding and focusing on those issues first. It’s the basic principle of triage – finding, and fixing, the urgent issues on the important systems. The thing […]
