HackDig : Dig high-quality web security articles for hacker

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:565 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

The Power and Versatility of Pervasive Encryption

As cyberthreats make headlines, companies across the globe are working hard to develop efficient IT infrastructures capable of protecting sensitive data and maintaining compliance with privacy regulations. Although it checks both of these boxes, many organizations have been hesitant to adopt encryption due to cost, operational impact, the complexity of key m
Publish At:2017-11-04 02:00 | Read:261 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

Five Key IT Security Best Practices to Safeguard Your Expanding Business

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating
Publish At:2017-10-22 05:00 | Read:177 | Comments:0 | Tags:Application Security Retail Risk Management Application Secu

How to Increase Transparency and Rebuild Trust After a Data Breach

As more companies suffer breaches and leak private data online, it becomes harder for organizations to be transparent and establish trust with their customers. Recent incidents have shown that many experts underestimated the total impact of a data breach in terms of the actual number of users affected and the volume of data made public. Many companies take t
Publish At:2017-10-22 05:00 | Read:252 | Comments:0 | Tags:Application Security Data Protection Incident Response Data

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:289 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:258 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:259 | Comments:0 | Tags:Application Security Risk Management Application Development

Pervasive Encryption Simplifies Mainframe Security

On July 17, IBM unveiled its z14 mainframe server, which combines the traditional mainframe hardware with new capabilities in areas such as cloud, cognitive, analytics, application management, blockchain, machine learning and more. Most importantly, z14 includes enhanced security features — namely, pervasive encryption — to help clients stay one step ahead
Publish At:2017-08-04 20:10 | Read:1075 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

Integrating the IoT Into Your Application Security Program

The Internet of Things (IoT) is here, but is your security program ready to handle it? For many reasons, such as network complexity, limited visibility, politics and other challenges that come along with emerging technologies in the enterprise, your organization is likely underprepared. To get up to speed, a good place to start is your application security
Publish At:2017-08-02 12:30 | Read:517 | Comments:0 | Tags:Application Security Network Application Security Testing Ap

Hello, My Name Is Space Rogue

IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent. Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym. The
Publish At:2017-07-28 03:30 | Read:450 | Comments:0 | Tags:Application Security Security Services X-Force Research IBM

IBM X-Force Red Turns 1, Expands Into Auto and IoT Practice Areas

Earlier this year, I gave a talk at the RSA Conference about the privacy and security flaws in many of today’s connected cars. The response was nothing short of astounding. As it turns out, people get very nervous when you talk about finding and controlling their cars from a mobile phone. While I didn’t initially set out to find vulnerabilities i
Publish At:2017-07-24 17:25 | Read:247 | Comments:0 | Tags:Application Security Industries Software & App Vulnerabiliti

Multipronged IoT Security to Help Realize the Value of IoT Solutions

The Internet of Things (IoT) is an exciting and innovative technology that can help businesses discover new growth areas and income streams. With all this innovation to differentiate in industry verticals and challenge traditional operating models, it’s easy to overlook IoT security, both in terms of its uniqueness and its importance. What Is Different
Publish At:2017-07-24 17:25 | Read:451 | Comments:0 | Tags:Application Security CISO Cognitive Industries X-Force Resea

The Promise of a Unified App Catalog for the Enterprise

Applications can improve the way we get through the day. There are apps for shopping, getting to your next destination, staying abreast of the latest news, keeping in touch with loved ones — no matter what you need, chances are there’s an app for it. It’s no different for enterprises. Apps have helped revolutionize entire industries and have beco
Publish At:2017-07-11 15:55 | Read:645 | Comments:0 | Tags:Application Security Endpoint Mobile Security Apple Applicat

A Primer on Cross-Site Scripting (XSS)

Cross-site scripting (XSS), which occurs when cybercriminals insert malicious code into webpages to steal data or facilitate phishing scams, has been around almost since the dawn of the web itself. Although it is an older exploit, it still appears frequently enough to land on the OWASP Top 10 list. It has even affected modern websites run by the FBI, the O
Publish At:2017-07-10 21:30 | Read:358 | Comments:0 | Tags:Application Security Application Scanning Cross-Site Scripti

In Case You Missed the Memo: What’s New in IBM’s Application Security Testing?

In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss
Publish At:2017-06-28 14:55 | Read:428 | Comments:0 | Tags:Application Security Cloud Security Risk Management Applicat
