PHP Security: The Big Picture

Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. No matter what programming language you use to develop your site, after all the hard work you […]

Read More →

What is Path Traversal?

Path Traversal, or, as it is otherwise known, Directory Traversal, refers to an attack through which an attacker may trick a web application into reading and subsequently divulging the contents of files outside of the root directory of the application, or the web server. Path Traversal attacks typically manipulate web application inputs by using the […]

Read More →

What is Insecure Deserialization?

Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top 10 2017 list. In order to understand what insecure deserialization […]

Read More →

OWASP Top 10 2017 Update – What You Need to Know

After the long-winding road of discussion and deliberation, revision, disagreements and adjustments, the Open Web Application Security Project (OWASP) are updating their venerable Top 10 list of the most critical web application security risks since 2013. This update brings with it three new entries to the list, based on data OWASP collected and analyzed. Here’s […]

Read More →

Cyber Threats vs Vulnerabilities vs Risks

It’s common for terms such as cyber threats, vulnerabilities and risks to be conflated and confused. This post aims to define each term, highlight how they differ and how they are related to one-another. Cyber Threats Cyber threats, or simply, threats refer to circumstances or events with the potential to cause harm by way of […]

Read More →