The Need for Deterministic Security

Historic scientific notation bug foils WAF defenses

A new article in the Daily Swig discloses that security researchers have discovered that a historic vulnerability affecting both MySQL and MariaDB databases caused serious flaws for security technologies, specifically Web Application Firewall (WAF) from AWS.  WAF failures aren't new, and we recently wrote about a hacker claiming WAFs don't ... Read More

On Track for Fifth Record Year in a Row for Vulnerabilities

Last year, K2 Cyber Security reported that the US-CERT Vulnerability Database hit a record number of vulnerabilities recorded for the fourth year in a row on December 15, 2020.  As of last Thursday, October 14, 2021, the database is on track to hit a fifth record year of recorded vulnerabilities.  ... Read More

Experts Say Cyber Attacks Are Getting Worse

A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse.  Not surprisingly, at the top of the list are ransomware attacks, which have made headlines, crippling healthcare computer systems and 9-1-1 centers, stopping work on gas pipelines, and more. The post Experts Say Cyber ... Read More

Mitre Top 25 Software Weaknesses

In addition to OWASP finally updating the Top 10 Web Application Risks, this year Mitre also updated their Top 25 Most Dangerous Software Bugs, also known as the CWE Top 25.  One of the interesting things to note about the updated list is that common vulnerabilities still feature prominently, an ... Read More

NIST SP800-53 Revision 5, One Year Later

It will be one year since NIST released their final version of SP800-53 Revision 5 on September 23, 2020.  As a quick reminder, SP800-53 is the document issued by NIST that specifies the Security and Privacy Controls that need to be used by agencies of the Federal government.  The post ... Read More

OWASP Working Group Releases Draft of Top 10 Web Application Risks for 2021

The Open Web Application Security Project (OWASP) has released its draft Top 10 Web Application Security Risks 2021 list with a number of changes from the 2017 list (the last time the list was updated).  The list has been maintained by OWASP since its release in 2003 with updates every few ... Read More

Traditional Application Security Tools Ineffective Against New And Growing Threats

A new article in Help Net Security covers some interesting new statistics that reflect the inability of current security tools to protect organizations against attacks happening on web applications.  The article shares numbers from a study run by ESG.  The post Traditional Application Security Tools Ineffective Against New And Growing ... Read More

Why WAFs Don’t Work According to a Hacker

A new article in SDXcentral talks about why WAFs (Web Application Firewalls) are insufficient protection according to a hacker.  The topic of WAFs isn't new to K2 and we've covered their failures in this blog article as well as an article on the dissatisfaction with WAFs in the security community, ... Read More

Why Do Developers Continue to Write Vulnerable Code?

It's been 18 years since OWASP first published their list of Top 10 Web Application Security Risks in 2003. It wouldn't be unreasonable to think it would have been possible to solve web application security problems in that time frame.  Yet, attacks continue to happen, and successfully target vulnerabilities in ... Read More

Application Security Books For Your Bookshelf

Security practitioners are under constant pressure to keep up to date and continue their learning, just to keep pace with the ever-changing tactics of cyber criminals.  It's one of the reasons to keep an eye out for useful books that enhance and broaden our knowledge base.  A recent ... Read More