INetSim + PolarProxy

Installing a Fake Internet with INetSim and PolarProxy

This is a tutorial on how to set up an environment for dynamic malware analysis, which can be used to analyze otherwise encrypted HTTPS and SMTPS traffic without allowing the malware to ...

Why Websites Need HTTP Strict Transport Security (HSTS)

Tags: HSTS, http, websites
HTTPS has become the protocol of choice for any serious website, but effectively enforcing the use of HTTPS instead of HTTP requires the HTTP Strict Transport Security header, or HSTS. By sending ...

Content-Type and Status Code Leakage

The author of a bug bounty write-up published on Medium on March 20, username 'terjanq', demonstrated that the response to a resource varies based on the state of authorization of the user ...

Implementing SSL Inspection

The post Implementing SSL Inspection appeared first on SecureW2 ...
Why Framework Choice Matters

Why Framework Choice Matters in Web Application Security

One of the oldest clichés in web application security is that, "It doesn't matter which framework you choose, if you know what you're doing". In my experienced opinion, off the back of ...
Missing Content-Type Header

The Importance of the Content-Type Header in HTTP Requests

Dawid Czagan, Founder and CEO at Silesia Security Labs and author of Bug Hunting Millionaire, is listed in HackerOne’s Top 10 Hackers. In a recent article on his website, Czagan disclosed the ...

How to Add HTTP Security Headers in WordPress

If you own a WordPress site, then you should be careful about your website security. To successfully run a blog, business or online store, you need to make sure your website is ...

Cisco patches critical flaws in DNA Center and Prime Infrastructure

Networking giant Cisco has released patches for several of its products, warning that the updates are for critical bugs found during internal testing. Labeled CVE-2018-15379, a vulnerability in Cisco Digital Network Architecture ...

Final Nail in the Coffin of HTTP: Chrome 68 and SSL/TLS Implementation

Tags: http, security, ssl, TLS
Google released Chrome version 68 in late July 2018, marking the start of a new era for secure web browsing. From version 68 onwards, all websites using HTTP will be marked as ...

Google marks all HTTP sites ‘not secure’ starting today

With the release of Google Chrome 68 today, technology behemoth Google is labeling all HTTP sites as “not secure,” in an effort to get developers to transition their websites to the safer ...