With the recent emphasis on application security, organizations now strive to fix web app security vulnerabilities earlier in the SDLC, before apps are deployed, in order to lower the risk of potential data breaches.
A follow-up to the Growing the Role of Women in AppSec webinar held on 3/23. Here's another real-world anecdote of how to move from no skills into tech and security, along with all the Q&A we didn't get to during the webinar.
So now that I’ve established myself as a lover of FB and social media, may I ask that you all please carefully consider which additional new and (worse) seldom-used applications you grant permission to “Log On with Facebook”? (Or Google+, or Twitter – I’m not singling out any one federated login mechanism.)
This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.
But then we got mobile devices, and executives fell in love with tablets. And then smart objects, from buildings to cars and medical devices. The boundaries of the network keep growing, but we security experts keep saying that the user is the weakest link.
With the migration towards digital transformation and the onslaught of cyber attacks, we need a “Security Facts” label so that we as consumers may make more informed decisions about the risk we are inheriting from the use or acquisition of applications.
WhiteHat Security is pleased to kick off the WhiteHat Certified Secure Developer (WCSD) Program. It is open to all developers free of charge and gives developers the essential jumpstart into understanding app security at a deep technical level.
As we head into the new year, we thought we’d share our 5 most-watched webinars of 2016. Like “must-see TV”, these are well worth taking the time to watch and learn from!
Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.
What follows is a directory traversal hack I found “in the wild”, as they say, on a customer’s actual website I was working on. Our customer was a large enterprise client involved in Information Management, but this could be present on many web applications that allow a user to upload and download files.
In summary, 2017 will bring its own share of challenges to security teams.
The WhiteHat team has gathered some thoughts on predictions and new vulnerabilities or trends that might emerge in 2017.
This article provides an executive summary on the Blockchain technology, what it is, how it works, and why everyone is excited about it.
After a lot of coordination, research, voting by the community and judging, learn the Top 10 Web Hacking Techniques of 2015.
It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and a web server and force both to downgrade to a set of export ciphers that are weak and outdated.
Learn the top 10 website hacking techniques for the year.
Common HTTP headers are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP).
I think a lot of web designers and webmasters have almost no idea what the most important things to focus on are, beginning on day one.
Learn 7 ways vulnerability scanners may harm websites and what to do about it.
Learn about how the Threat Research Center (TRC) participated in a Capture ALL the Flags (CTF) event for Application Security.