Building Secure Applications: How Mature Are You?

Dave Ferguson is back with another guest blog! Make sure you check out his blog here, and read his original post, ‘Keeping Up With The Hackers: Where to Practice Your Web Hacking Skills,’ here. Testing your software for vulnerabilities is important. There’s no doubt about it, but if there’s something I’ve learned over the years when


Ruby On Rails Security

Ruby Defined: Ruby is an object-oriented programming language (OOPL) that was developed by Japanese developer Yukihiro “Matz” Matsumoto. Ruby is influenced by several other OOPLs including Perl, Lisp, Eiffel, Smalltalk and Ada. It is reflective and dynamic, with automatic memory management. It also supports a variety of programming paradigms such as imperative, functional, and of


Rootkit

Rootkit defined: The term Rootkit is a combination of two words: “root” and “kit.” A rootkit allows malicious attackers to gain “root” or full administrator privileges on a computer in order to perform unauthorized actions. This exploit can result in software execution, changes in system configuration files, accessing of log files, monitoring of user keyboard


Linux Hacking

Linux is an open-source operating system (OS) that shares many similarities with UNIX. It is the most popular OS used on mainframes, servers and supercomputers, thanks to its multi-user functionality and multitasking capabilities. Linux, while not as common as Windows, can be found on many personal computers and mobile devices today. Android, the world’s


Botnet Detection and Prevention

Botnet, a fusion of the words “robot” and “network”, is basically a group of computers that have been compromised by a malicious attacker and are under his control. Botnets are primarily used for executing Distributed Denial of Service (DDoS) attacks, where the targeted servers are crippled by overloading them with packets of data. Eventually the


The AppSec How-To: Guide to Getting Your Developers to Beg for Security

Security is fascinating. It touches each and every one of us – whether we’re making an online credit card purchase, transferring funds or entrusting a service with our intimate emails. Security continues to intrigue with revelations of sophisticated attacks, sometimes analogizing them to the James Bond of the cyber-world. There’s good reason as to why our choice


Man-In-The-Middle (MiM) Attacks

A Man-in-the-Middle (MiM) attack is a unique type of session hijacking that many companies face during the flow of communication data between client and server. This occurs when a malicious attacker is able to trick the client into believing he is the server and he tricks the server into believing he is the client. In


Malware

Malware is any type of malicious software that can be used to threaten a network or computer. It is typically used to steal information and data that can be used for personal or financial gain. Malware can be implemented into personal computers, company computers, company networks, mobile devices and other electronic devices. Some of the


LDAP Injection

LDAP Injection is a vulnerability that affects web applications. It can be exploited by sending requests that the vulnerable web application does not properly analyze and sanitize. An attacker can then modify LDAP statements using a proxy. This grants the attacker permissions needed to perform commands using the database server, web


Keylogger: The Invisible Threat

What are keyloggers? A keylogger is a small, simple application that is typically designed to run “invisibly” on a computer so as to avoid detection by the actual computer user. A keylogger does exactly as its name implies—it logs all keystrokes entered by the user. More sophisticated versions of keyloggers can also capture
