Archives

Archive for May, 2010

What We Love About Netsparker

Netsparker Professional Edition, by Mavituna Security, is a web application scanner focused on finding unknown flaws in your applications. It can find a wide range of vulnerabilities including SQL injection, cross-site scripting, local and remote file inclusion, command injection and more. Installation of the software was easy, and as Mavituna Security touts, the license is [...]

The Media Makes PCI Compliance “Best Defense”?

I have seen a lot of hype in my day, but this one is pretty much — not funny. Below is a link to a mainstream media trade magazine for the hospitality industry in which it is claimed that PCI compliance is the “best defense” hotels and the like can have against attackers and data theft. [...]

Responding to a Compromised System Alert

Thanks to the data from the HITME, I interact with a lot of people and organizations that have compromised machines. Often, my email or phone call is the first they have heard of the problem. Reactions vary from shock and denial to acceptance and occasionally rage. Even worse, when they hear that their machines are [...]

Understanding PHP RFI Vulnerabilities

PHP is a scripting language that is deployed on countless web servers and used in many web frameworks. “PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.”[1] In 2007, at least 20 million websites had PHP deployed. The exponential growth of PHP came from [...]

The iPad as a VPN Client

Today was my first real chance to try out the iPad as a VPN client in a critical situation. I needed an essential file for a client in a real hurry. We were about 50 miles from the office and a physical return with the file wasn’t possible. Even worse, it was stored on an [...]

SQL Injection Tools in the Field

As the Internet continues to morph, common attack vectors change. Info Sec professionals once had the ease of scanning a network and leveraging available vulnerabilities to gain a foothold; but now we’re seeing a paradigm shift toward web applications and the security that protects them. I’m sure this is nothing new to our readers! We [...]