HackDig : Dig high-quality web security articles for hacker

More Mobile Apps Means More Man-in-the-Middle Attacks

When you travel outside your corporate network with your mobile device, you are much more vulnerable to man-in-the-middle (MitM) attacks. This is how attackers intercept data as it’s being passed from a mobile device to a server. Of course, this is problematic for a number of reasons. CSO Online demonstrated how easy it is to steal all sorts of informa
Publish At:2017-06-21 17:10 | Read:1821 | Comments:0 | Tags:Endpoint Mobile Security Application Security Bring-Your-Own

Incorporate Application Security Checks and Balances Into Your Organization’s Citizen Developer Initiatives

The first time I heard the term “citizen developer,” I thought it might be the name of a new blockbuster summer movie. However, citizen development has morphed from a trendy IT catchphrase to a powerful force that’s transforming the way organizations develop software. But as your organization opens its doors to citizen developers, how do yo
Publish At:2017-05-22 11:55 | Read:1487 | Comments:0 | Tags:Application Security Application Development Application Sec

Application Security for Beginners: A Step-by-Step Approach

Introduction to web application security: The Web has evolved a lot over time. It started with information exchange, and now it is being used for almost everything, be it entertainment, the health industry, home, etc. From a functionality standpoint, the web has evolved a lot. However, taking a step back and looking from a security perspective there is a
Publish At:2017-05-19 09:40 | Read:3007 | Comments:0 | Tags:Application Security

The Security Weaknesses of the iOS: The Aisi Helper, Sandjacking, and Image Threats

Introduction: As we have alluded to in other articles, the world of Information Technology and all of its related hardware and software applications are growing at a very fast pace. In fact, it is so fast that even the consumer, the business, or even the corporation simply cannot keep up with this pace. It seems like that hardly one new technology is being adop
Publish At:2017-05-05 19:55 | Read:2133 | Comments:0 | Tags:Application Security IOS

Taming the Open Source Beast With an Effective Application Security Testing Program

Cute Attacks With Acute Impact on Your Application Security Testing Effectiveness. Here we go again: Another attack with a cute name is about to make the news. More dangerous than a Ghost, a POODLE, a FREAK, a Heartbleed, a Shellshock or the other 6,000-plus attacks that show up each year, we know at least two things about it: It will probably attack
Publish At:2017-05-05 01:55 | Read:2098 | Comments:0 | Tags:Application Security Cloud Security DevOps Open Source Stati

Who Is Responsible for IoT Security?

The Internet of Things (IoT) is exploding into the mainstream, even as the broader role of mobile applications in the enterprise expands. But concerns about mobile and IoT security are emerging even more rapidly. The challenge, in a nutshell, is that there are currently no clear lines of responsibility when it comes to IoT and mobile security. Applications a
Publish At:2017-05-03 13:10 | Read:1813 | Comments:0 | Tags:Application Security Mobile Security Chief Information Secur

The Apache Struts 2 Vulnerability and the Importance of Patch Management

Apache Struts is a free, open source framework for creating Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media. In early March 2017, Apache released a patch for the Struts 2 framework. The patch fixes an easy-to-exploit vulnerability that allows attacker
Publish At:2017-04-25 12:20 | Read:1649 | Comments:0 | Tags:Application Security Endpoint Apache Incident Response (IR)

Lynis: Walkthrough

Lynis is an open-source security audit tool used to check the security of Linux and UNIX based systems. Since it is self-hosted, it performs extensive security scans when compared to other vulnerability scanners. Lynis is a tool released by CISOFY. Lynis works on a variety of UNIX-based systems such as: FreeBSD, Linux, MacOS, OpenBSD, NetBSD, AIX, HP-UX, Solaris, Raspbe
Publish At:2017-04-20 21:30 | Read:1736 | Comments:0 | Tags:Application Security

AppConfig Community Membership Soars

Today, the AppConfig Community released its annual report, exhibiting strong growth across all associated membership categories: independent software vendors (ISVs), mobile application developers and enterprise mobility management (EMM) providers. Membership has soared to 90 ISVs, more than 1,400 developers and 19 EMM providers since the community’s in
Publish At:2017-04-17 01:45 | Read:1895 | Comments:0 | Tags:Mobile Security Application Development Application Security

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:2152 | Comments:0 | Tags:Application Security Application Development Application Sec

Why Blockchain-as-a-Service Should Be on Your Radar

Blockchain news is seemingly everywhere these days, and for good reason. The technology behind bitcoin holds a lot of promise for all sorts of use cases — some of them having nothing to do with digital payments. Over the course of last year, a lot of ideas regarding the technology were tried out, but “during 2017, many of them will be discarded,
Publish At:2017-03-24 11:20 | Read:3657 | Comments:0 | Tags:Application Security Banking & Financial Services Bitcoin Bl

Intelligent Code Analytics: Increasing Application Security Testing Coverage With Cognitive Computing

In a previous post, we examined how cognitive computing can greatly reduce the false positives and noise that are inherent in static application security testing (SAST). We also showed how the reduction of false positives can be done without impacting language coverage — i.e., decreasing the rule set — which is the approach of most application security offer
Publish At:2017-03-20 15:15 | Read:1784 | Comments:0 | Tags:Application Security Cognitive Analytics Application Securit

RIPS – Finding vulnerabilities in PHP application

The biggest fear of any developer has always been that their site may get hacked, and occasionally it does end up being hacked. For a very long time, the most popular stack used for the development of websites has been the LAMP Stack (Linux, MySQL, PHP/Perl/Python). Of these, the most frequently used language was PHP. Many major websites such a
Publish At:2017-03-20 14:50 | Read:1873 | Comments:0 | Tags:Application Security

Top 5 Web Application Security Scanners of 2017

Web applications play an important role in an organization, have a great impact and act as a gateway to the organization’s critical information. However, hackers are always looking to breach corporate information and applications to steal confidential and critical information. For that, organizations need a web application scanning solution that ca
Publish At:2017-03-14 11:01 | Read:2016 | Comments:0 | Tags:Application Security

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

In the previous three chapters of this series, we discussed ways for developers to put their hacker hats on and program defensively to prevent security bugs from cropping up in their software. We described the nature of SQL injection, OS command injection and buffer overflow attacks. We did not, however, touch upon the No. 1 issue that plagues web applicatio
Publish At:2017-03-13 17:00 | Read:2203 | Comments:0 | Tags:Application Security Application Development Cross-Site Scri
