XML External Entity (XXE) vulnerabilities are attacks which involve an attacker abusing an application which parses XML. The attack occurs against an XML parser which has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely…
How to set-up HTTP Authentication (Basic) with Nginx on Ubuntu 16.04
Restricting portions of a web application or directories on a web server to a small group of trusted users can greatly improve the security of a website or web application. Most web applications provide their own form-based methods for authentication, however, we can also make…
In the headlines: LastPass vulnerability, Hillary Leaks, remote code execution vuln on Pornhub, and more
LastPass password manager vulnerability gives hackers your passwords LastPass is one of the most popular password managers around and can also be added to your browser, allowing you to store and auto fill all your passwords, using just one master password to access them. So…
EU Network and Information Security Directive sets legal requirement to report breaches
The EU have just passed a new directive, the Network and Information Security Directive, which was approved in December of 2015 and passed through last week. The directive comes into force in August of this year, with a 21 month limit to implement it, by…
4 Tips to kickstart your application security effort
Securing web applications is not an easy task; especially when the application is constantly changing and business-critical. Identifying where to start could be overwhelming, especially if you’re just dipping your toes in application security. Here are four tips to help you get started. 1. Know your…
Securing MySQL Server on Ubuntu 16.04 LTS – Configuring MySQL Securely, Part 3
In part 2 of this series, we looked at configuring MySQL securely. In this final part we shall continue looking at ways in which to ensure a secure MySQL Configuration. Secure Communications In some cases, we might have the MySQL database server setup on a dedicated…
Securing MySQL Server on Ubuntu 16.04 LTS – Configuring MySQL Securely, Part 2
In part 1 of this series, we looked at Installing MySQL Server on Ubuntu 16.04 LTS. In this second part, we will be looking at configuring MySQL securely. LEARN MORE: SQL Injection Scanner LEARN MORE: SQL Injection Attack Configuration We will start off with the most…
Securing MySQL Server on Ubuntu 16.04 LTS – Installing MySQL, Part 1
Databases can be found in everything from desktop applications, web applications, corporate servers to smartphones and other devices. Almost every software program relies on some sort of database to store its data. As applications continue to grow, so is the amount of data that is…
Recent survey shows cost of a breach has climbed to $158 per record
A recently published report titled the ‘2016 Cost of Data Breach Study: Global Analysis’ has suggested that the average cost of a data breach continues to climb, now reaching an average of $4million per breach, or $158 per record from a survey of 383 companies…