Even the Mightiest Fall: An SQL Injection in Sophos XG Firewall
Do you really think you are safe from web vulnerabilities or that they are just minor problems? A few days ago Sophos, one of the world’s most renowned security companies, found an SQL Injection in their product. What is worse, they found the vulnerability because...
What Is SEO Poisoning (Search Engine Poisoning)
Search engine optimization poisoning (SEO poisoning) is a term used to describe two types of activities: illegitimate techniques used to achieve a high search engine ranking, usually (but not only) in order to attack visitors; and exploiting vulnerabilities on existing high-ranking web pages and using them to spread malware...
Common Password Vulnerabilities and How to Avoid Them
Weak passwords and password reuse are still some of the most serious concerns for cybersecurity. There are several ways to increase password security but they are often not adopted by users and administrators. Here’s how you can make sure that sensitive data in your web...
How To Build a Cyber Incident Response Plan
No matter how well you manage your cybersecurity, there is always a chance that you will become a victim of a cyber attack. That is why every organization, no matter the size, should be prepared to react to a cyber incident. The key element of...
What Is DNS Cache Poisoning
DNS cache poisoning is a type of DNS spoofing attack where the attacker stores fake data in a DNS resolver cache. All clients that use this DNS cache receive such fake data. It can be used for very effective phishing attacks (often called pharming) and...
Cybersecurity Trends 2019 – Web Security
The year 2019 so far has seen its share of major security and data breaches. Unsurprisingly, they were not caused by new cybercriminal techniques but by the same ones that have plagued information security for up to two decades. Social engineering and cyberattacks on web...
Data Breaches Due to Exposed Databases
The recent massive breach of sensitive Ecuador population data is yet another case where there was no actual hack involved. The data owner, the Ecuadorian company Novaestrat, simply left an unsecured Elasticsearch database exposed on a publicly accessible server in Miami. The database contained data...
What Is IAST (Interactive Application Security Testing)
Interactive Application Security Testing (IAST) is a term for tools that combine the advantages of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). It is a generic term, so IAST tools may differ a lot in their approach to testing web application...
Red Team vs. Blue Team Exercises for Web Security
One of the best ways to verify the security posture of a business is to perform a mock attack. This principle is behind the concept of penetration testing (manual mock attack) and vulnerability scanning (automatic mock attack). While penetration tests and vulnerability scans are performed...
What Is Same-Origin Policy
Same-Origin Policy (SOP) is a rule enforced by web browsers, which controls access to data between websites and web applications. Without SOP, any web page would be able to access the DOM of other pages. This would let it access potentially sensitive data from another...
