What is Code Injection and How to Avoid It

Tags: code injection
Code injection, also called Remote Code Execution (RCE), occurs when an attacker exploits an input validation flaw in software to introduce and execute malicious code. Code is injected in the language of the targeted application and executed by the server-side interpreter for that language – PHP, Python, Java, Perl, Ruby, ...

Why Websites Need HTTP Strict Transport Security (HSTS)

Tags: HSTS, http, websites
HTTPS has become the protocol of choice for any serious website, but effectively enforcing the use of HTTPS instead of HTTP requires the HTTP Strict Transport Security header, or HSTS. By sending the HSTS header with suitable parameters, the server informs the visiting browser that only the HTTPS version of ...

7 Crucial Components of Cyber Incident Recovery

Tags: incident-recovery
Organizations of all sizes are consistently reporting increased numbers of cyber incidents, with data breaches and ransomware infections fast becoming a common occurrence. While solid security procedures and good planning can go a long way towards preventing and containing many incidents, sooner or later things can go wrong – and ...

A Cyber Incident Response Plan for Your Web Applications

Barely a day goes by without reports of a data breach or costly outage in yet another organization, and hundreds of similar incidents go unreported. With so many businesses dependent on web technologies, chances are that sooner or later your organization will face a cyber security incident involving your websites, ...

What Is Session Hijacking: Your Quick Guide to Session Hijacking Attacks

Although any computer session could be hijacked, session hijacking most commonly applies to browser sessions and web applications. The attack relies on the attacker’s knowledge of the victim’s session cookie and is also called cookie hijacking or cookie side-jacking. In most cases when you log into a web application, the ...

Clickjacking Attacks: What They Are and How to Prevent Them

Clickjacking refers to any attack where the user is tricked into unintentionally clicking an unexpected web page element. The name was coined from click hijacking, and the technique is most often applied to web pages by overlaying malicious content over a trusted page or by placing a transparent page on ...

What Is Privilege Escalation and Why Is It Important?

Tags: attacker, data, security
Privilege escalation happens when a malicious user of an account or application gains access to the privileges of another user account in the target system. The attacker can then use the newly gained privileges to steal confidential data, run administrative commands or deploy malware – and potentially do serious damage ...