Never mind the buzzwords: Here’s the straight deal on application security

The shifting tides of security hype and buzzwords move with the seasons, yet the fundamental challenges remain the same. We sat down with seasoned CTOs Ken Schirrmacher of Park ‘N Fly and Frank Catucci of Invicti Security to discuss best practices for web application and API security, roughing up more than one security buzzword along the way.

Keeping your Web applications in check with HIPAA compliance

HIPAA compliance is more than simply checking boxes and meeting the minimum audit requirements. You should ensure your web applications are secure and use the compliance act as a guideline.

Identifying WordPress Websites On Local Networks (behind Firewalls) and Bruteforcing the Login Pages

This article explains how attackers can use the XSHM attack to identify WordPress websites running on internal networks and behind firewalls, and also launch a login bruteforce attack against them.

SQL Injection Prevention Techniques for Ruby on Rails Web Applications

This article looks into several techniques which Ruby on Rails developers can use to develop web applications that are not vulnerable to the notorious SQL injection vulnerability.

Remote Code Evaluation (Execution) Vulnerability

This article explains what the Remote Code Evaluation (execution) vulnerability is and how attackers can exploit it. The article also explains of what you should do as a developer to prevent this vulnerability.

Paul’s Security Weekly #483 – Netsparker CEO Talks on CSRF, WAFs, Selenium and CSP

Ferruh Mavituna, Netsparker’s CEO and founder talks at length about web application security testing, the SQL Injection vulnerability and the security standard Content Security Policy (CSP) in the popular podcast Paul’s Security Weekly, episode number 483.

Exploiting a CSRF Vulnerability in MongoDB Rest API

This article explains how attackers can exploit a Cross-site Request Forgery (CSRF) vulnerability in the MongoDB REST API to extract data from the database of the vulnerable database management system.

CRLF injection, HTTP response splitting, and HTTP header injection vulnerabilities

What is a local file inclusion vulnerability?

What is the command injection vulnerability?

Yandex Browser Vulnerability Allows Attackers to Steal Victim’s Browsing Data

This post explains how a malicious hacker can exploit a CSRF vulnerability in the Yandex browser that would allow them to get hold of the victim’s confidential browsing data, including bookmarks, browsing history and also saved usernames and passwords.

Web Application Security and the SDLC Discussed on the Virtualization and Cloud Security Podcast

Ferruh Mavituna, Netsparker’s CEO talks about web application security automation and scalability with Edward Haletky in episode 17 of the Virtualizastion and Cloud Security Podcast.