This decade has seen an unprecedented number of connected systems and devices, automated delivery systems and increased mobile device usage in the healthcare industry.
A collaborative effort between government and industry, National Cybersecurity Awareness Month (NCSAM) is observed every October in an effort to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to stay safer and more secure online.
Server-side request forgery (SSRF) has been in the news recently for causing mainstream data breaches impacting hundreds of millions of consumers.
There have been a few high-profile breaches in the news lately related to Magecart, including British Airways, Ticketmaster, and Feedify. For those who don’t know, Magecart is a hacker group whose modus operandi involves skimming credit card details with code tailored to the sites they infect ...
Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning
Learn about new self-service features: Associated Host Names & BLA Scheduling.
Our static code analysis colleagues over at RIPS Technology have a good write-up about a recent chain of vulnerabilities they discovered in an open-source application named LimeSurvey.
As more and more organizations are embracing agile, fast waterfall, DevOps methodologies, a key cultural shift is happening towards bringing security closer to developers.
Software Composition Analysis (SCA) allows you to identify third-party and open source components that have been integrated into all your applications.
Using "HREF with Target" can have exploits and weaknesses - learn best practices from secure coding experts on preventive measures.
Week four of National Cyber Security Awareness Month is focused around a career in cyber security.
Week three of National Cyber Security Awareness Month is focused around connected devices.
As the news unfolds on Equifax and the latest and greatest of the Apache Struts hacks, a co-worker and I were talking about it amongst ourselves. “Why would someone leave a critical vulnerability unpatched for months?”, my co-worker asked in puzzled tones.
Our aim in creating the Learning Labs is to help everyone (developers, security practitioners, and executives) understand the risks in all applications, help IT staff understand how application security fits into their wider security ecosystem, and help teach developers how to write more secure code to make business safer for customers.
I saw another meme go by on Facebook. This one challenged everyone’s memory to name all their Elementary School teachers. And I had more than ten friends participate, which resulted in me yelling at my computer screen again.
Network-connected Internet of Things (IoT) devices are growing in popularity in homes and businesses, from smart cities and buildings to cars and medical devices. Attempts to subvert or compromise critical functions in organizations through insecure IoT devices and applications are on the rise and in the news.
The first webinar, Introduction to Application Security for Developers, was geared towards training and certifying developers to be secure coders.
What follows is a directory traversal hack I found “In the Wild” as they say, on a customer’s actual website I was working on. Our customer was a large enterprise client involved in Information Management, but this could be present on many web applications that allow a user to upload and download files.
This article provides an executive summary on the Blockchain technology, what it is, how it works, and why everyone is excited about it.
After a lot of coordination, research, voting by the community and judging - learn the Top 10 Web Hacking Techniques of 2015.
Learn the top 10 website hacking techniques for the year.
Naenara Browser, the DPRK's version of Firefox that comes built into Red Star OS, the official operating system of North Korea, is weirder than we thought.
Common HTTP headers are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP).
A long time ago I began to compile a list of lesser known but still very scary choke points on the Internet.
Never use Web Storage data for access control decisions, and never trust the serialized objects you store there for other critical business logic. A malicious user is free to modify their localStorage and sessionStorage values at any time, so treat all Web Storage data as untrusted.
The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking from a blackbox perspective.
Password Cracking AES-256 DMGs and Epic Self-Pwnage
IT security is a massive concern for many organizations of all shapes and sizes. The consequences of a security failure are often drastic, sometimes terminal. Over recent years, there has been a relentless upward trajectory in spending on IT security, and there are no signs of that trend abating.
X-Frame-Options (XFO) is an HTTP response header, mostly used to combat Clickjacking, that informs a Web browser whether the page should be rendered in a <frame> or <iframe>.
Please forgive the title, but today’s topic is something to be wary of if you write (or use) any access control / authorization type code in Web-based J2EE apps: HTTP URL path parameters.