Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability scanner. 2. Enter URL to scan. 3. Click Go. 4. Generate report for the auditors….
2012 – The Year Hacking Became a Political Weapon
On 30 November Reuters reported that Anonymous will shut down Syrian government websites worldwide to fight the government’s countrywide Internet blackout, which many believe was put into effect to silence opposition to President Bashar al-Assad. According to Martin Chulov of The Guardian, in his 29…
The Email that Hacks You
Update: Seems to be working on TP-Link Routers as well (tested on TL-WR841N). Update2: Arcor EasyBox A600 also seems vulnerable. Opening a legitimate-looking email on an iPhone, iPad or Mac while using an Asus router with a default or guessable password could compromise the security of…
Keeping Your WordPress Blog Secure
If you have a WordPress blog or website, you’ll want a regular chain of visitors. Whether you’re sharing your personal opinions on niche topics or you’re running a business, here are a few tips you can use to make sure your WordPress Blog is secure…
The Aftermath of an Online Attack
If you have a website, whether personal or business, that makes you a potential target for an online attack. After all, cyber crime is at an all-time high as hackers can make a living from selling private or corporate data. Some people still don’t…
What can Developers do to Better Protect PII?
A client of mine recently asked me if I had any Web development related tips for dealing with Personally Identifiable Information (PII). With this being an information security 101 type question, I had to think about it for a bit. It then occurred to me…
One Thing That Can Buy You More Web Security Than Just About Anything Else
There is no magic bullet when it comes to web security. That said, there is one thing that can buy you more security than practically anything else. It’s your passwords. Your choice in – and management of – your web passwords can make or break…
HTML Form Found in Redirect Page Web Vulnerability
When creating a password-protected section for a website, such as an admin portal for a CMS solution, typically developers check if the user session is authenticated. If the user session is not authenticated, the user is redirected to the login page. Maybe because the lack of…
How Aware Do We Have to be Not to Fall for the Bad Guys Antics?
Criminal hackers are getting more and more creative in their phishing and social engineering attacks on the web. This not only puts your website in the crosshairs but also your own personal information. A common question that comes up is: How do I stay in…