Find reflected XSS candidates in source code

Using Ocular to search for reflected XSS in an application. When learning how to find, exploit, or prevent security vulnerabilities, it’s important to understand the root causes of the vulnerability and what actually ...
Getting to Know Compliance in Software Development

A developer’s introduction to compliance standards like PCI-DSS, HIPAA, and GDPR. As data breaches increase in frequency and scope, more governmental entities focus on using the stick rather than the ...
Malicious Life Podcast: Inside Operation Flyhook Part 2

To capture Alexey Ivanov and his business partner and bring them to justice, the FBI created an elaborate ruse: a fake company named Invita, complete with a fake website and a fake ...

Are Offensive Cyber Campaigns Gaining Traction?

In the last year alone, ransomware attacks have surged, and we have already seen more DDoS attacks at this point in the year than in all of 2020.
Malicious Life Podcast: Inside Operation Flyhook Part 1

Alexey Ivanov was exactly the kind of person to benefit from the early-2000s dot-com boom: he was bright, talented and really knew his stuff. His only problem was the fact that he ...
Modern AppSec Tools Must Focus on Reducing Attackability, Not Chasing Bugs

Developers need findings with higher context, not additional findings, in order to make applications secure in today’s environment. For too long, application security vendors have been focused on finding ...
OWASP Updates the Top 10 Web Application Security Risks

OWASP Top Ten updates: what changed? The Open Web Application Security Project, or OWASP, is a non-profit organization dedicated to improving software security ...
Malicious Life Podcast: Marcus Hutchins - A Controversial Hero

In May 2017, Marcus Hutchins - AKA MalwareTech - became a hero for stopping WannaCry, a particularly nasty ransomware that spread quickly all over the world. Yet his fame also brought to ...

The Return of Travel: Why CISOs Must be Extra Vigilant

Travel is making a comeback. Progress on the vaccination front means executives and board members are hitting the road for business meetings and trade shows, visiting exotic vacation destinations, and catching up ...
Missouri Governor and F12 Hacking, Global Ransomware Meeting, Fake Government Websites

Details on the F12 “hacking” incident of the Missouri state education website and the foolish response from the Missouri governor; over 30 countries (except China and Russia) meet to fight ransomware globally; ...