Articles by Robert Abela
What Changed and What you need to know about PCI DSS 3.0
The new PCI DSS version 3.0 guidelines will take effect on the 1st of January 2014 but will only be forced in 2015. Still, 1 year passes by so quickly so read this document to see what changed and what is new in the new PCI DSS 3.0 guidelines and check how it might impact your business and the security of your websites and web applications.
New Netsparker 3.1 is Available for Download
Why You Should Run Authenticated Web Security Scans
Top 10 Mistakes when Performing a Web Vulnerability Assessment
In Information Technology there are numerous mistakes, oversights, and blunders that are repeated consistently day after day. But given what there is to lose when it comes to web application security, why not learn from the mistakes of others so you don’t get burned? This blog post lists the top 10 mistakes typical web application security experts do and that you need to be aware of when seeking out the real business risks in your web vulnerability assessments:
Getting developers on board to transition from part of the problem to part of the process
Are your web application developers key players in the web application security equation? They are often the unsung heroes who help prevent many security problems from ever occurring, or closing down web vulnerabilities once identified. Yet in the real world they are often portrayed as a large part of the security problem. It doesn’t have to be that way.
Should you pay for a Web Application Security Scanner?
If you ask 10 web security specialists which is their favorite web vulnerability scanner, most probably you will get 30 different answers. Digging deeper you will also find that while some prefer to use free tools, several others prefer to rely on a commercial web vulnerability scanning solution. This web security blog post highlights the differences between free web security tools and commercial web application security scanners.
Web Application Security Testing should be part of QA Testing
Web vulnerability scanning should form part of the normal QA process when developing web applications to ensure that a business develops and releases secure web applications. Unless project managers start classifying security vulnerabilities and other web application security issues as normal functionality bugs, web developers will keep on developing vulnerable web applications.
Why Web Vulnerability Testing Needs to be Automated
There are several pitfalls in web application security and one of them is sticking to manual audits only. This blog posts highlights the benefits of automating the process of finding vulnerabilities and other security issues in modern web applications. It also looks into the common pitfalls encountered by web security specialists when trying to identify all web application vulnerabilities manually.
An XSS Vulnerability is Worth up to $10,000 According to Google
Google are willing to pay up to $10,000 to anyone who discovers a cross-site scripting vulnerability in one of their web applications. Why are Google doing so? Definitely not by coincidence. By exploiting a cross-site scripting vulnerability a malicious hacker can easily gain administrative access on a web application, gain control over it and where possible infiltrate deeper into the corporate network. Read this blog post for more information about the impact an exploited XSS can have on your business.
Use Netsparker to Detect Ruby on Rails Vulnerabilities
The Dangerous Complexity of Web Application Security
Modern web applications are becoming so complex that it is virtually impossible to check every possible attack vector and ensure it is not vulnerable without using an automated tool, such as Netsparker Web Application Security Scanner. The same applies for the modern trend of web application vulnerabilities, some of them can only be reproduced using automated means. Hence why the more complex a web application is, the bigger the need to use an automated web vulnerability scanner to identify vulnerabilities before malicious hackers do.