SQL Injection Tutorial: Tackling SQLi with Source Code Analysis

The impact of the Drupal fiasco is still being felt across all industry sectors. The world’s third biggest CMS platform was compromised with arguably the oldest hacking technique in existence – the SQL injection (SQLi). While the Drupal 7.32 update has resolved this specific problem, SQL injections won’t really go away until they are treated from the

Read More »

The Ultimate List of Open Source Static Code Analysis Security Tools

open-source-static-code-analysis-security-tools

Doing security the right way demands an army – of developers, security teams, and the tools that each uses to help create and maintain secure code.   With the increasingly important mindset of creating quality, secure code from the start, we’ve seen a greater shift towards the adoption of tools designed to detect flaws as

Read More »

5 Ways Outsourcing App Development Security Will Help You Cut Costs

IT managers today are faced with many tasks and not enough time to complete them all. While these individuals are primarily tasked with ensuring that their top developers efficiently write code lines, they are also often regarded as the responsible parent in charge of maintaining application security. Given that web applications often entail the transfer

Read More »

Samsung’s ‘Find My Mobile’ CSRF Flaw: A Wake Up Call for Mobile Developers

Samsung is currently topping sales charts worldwide with a wide range of Android powered phones catering to virtually all market segments. This mass distribution of mobile devices has magnified the importance of creating secure mobile applications. Unfortunately, a CSRF loophole has been found in one of the the South Korean phone manufacturer’s proprietary applications.

Read More »

7 Lessons We Should Take Away from the Drupal SQL Injection Flaw

What’s the Deal with Drupal? Another month, another apocalypse-summoning security catastrophe – and October was no different. Just over two weeks ago, the security team behind Drupal’s free and open-source CMS released an ominous security advisory that shocked many in the security industry. The advisory, SA-CORE-2014-005, informed users that an SQL injection flaw in all

Read More »