Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment. The flaws in question were related to the server host and not the actual Web application. I actually had not manually validated every single finding in that regard. I […]
I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is an area of security that doesn’t get nearly the attention it deserves – especially when it comes to the web security component.
It’s a very predictable web security flaw — in fact, it’s something I find in the majority of my web security assessments: the lack of intruder lockout on login pages. I know, with all the SQL injection and cross-site scripting present on the web, the lack of intruder lockout on web login pages seems a […]
Web servers are one of the most targeted public faces of an organization. Securing a web server is as important as securing the website or web application itself and the network around it. Although securing a web server can be a daunting operation and requires specialist expertise, it is not an impossible task to achieve. […]