HackDig : Dig high-quality web security articles for hacker

Managing Security Risk Introduced by Third-Party Libraries

One of my tasks here at Tripwire is to capture, understand and track security issues in our software products. Generally, I think of this as a kind of “technical debt” called “security debt.” Like any kind of debt, the first step to managing and reducing it is identifying it. In my mind, this is something that is essential for a compa
Publish At:2016-10-10 07:40 | Read:2584 | Comments:0 | Tags:Risk Management Vulnerability Management OWASP risk third-pa

How to hack Google FR by exploiting a cross-site scripting flaw

The security expert Issam Rabhi (@issam_rabhi) has discovered a cross-site scripting vulnerability in Google France. The giant already fixed it. A security expert from French security outfit Sysdream, Issam Rabhi (@issam_rabhi), discovered a cross-site scripting vulnerability in Google France. Yes, you’ve got it right, the website of the IT giant was a
Publish At:2016-09-14 12:15 | Read:2973 | Comments:0 | Tags:Breaking News Hacking cross-site scripting vulnerability Goo

Rising Danger From SQL Injection Attacks

Almost every week, we hear about a new data breach in the news that reports about a major company losing millions of usernames, passwords, credit card numbers, banking transactions after falling victim to a cyber attack. As per a recent report released by Imperva on Web Application attacks, SQL Injection (SQLi) saw the biggest rise compared to last year wit
Publish At:2015-12-24 06:45 | Read:3402 | Comments:0 | Tags:Featured Articles Security Awareness Infosec OWASP Secuirty

OWASP WebGoat – Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their
Publish At:2015-10-20 08:15 | Read:3048 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking deliberately insecure w

VERT Vuln School – SQL Injection 101

SQL injection is arguably the most severe problem web applications face. OWASP, an online community devoted to web application security, consistently classifies injection vulnerabilities as number one on their OWASP Top 10 Project. SQL injection vulnerabilities are a favorite amongst a number of “hacktivist” groups whose aim is to cause disruption in the corpo
Publish At:2015-10-06 01:20 | Read:3197 | Comments:0 | Tags:Featured Articles Vulnerability Management hacktivist OWASP

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS trouble in secondary applications. The tool, called Sleepy Puppy
Publish At:2015-09-02 23:00 | Read:2458 | Comments:0 | Tags:Vulnerabilities Web Security cross-site scripting Daniel Mie

All Smartwatches on the market are vulnerable to attacks

A study conducted by HP’s Fortify on security features implemented by Smartwatches revealed that not even a single device was found to be 100 percent safe. Today we talk about a great passion of mine, watches. Let me tell you that I’m not attracted by Smartwatches, I consider watches and their gears a work of art lik
Publish At:2015-07-25 11:40 | Read:2614 | Comments:0 | Tags:Hacking Mobile Reports Security HP IoT OWASP Smartwatches We

7 Development AppSec Tricks to Keep the Hackers Away – Part 2

Earlier this week, we introduced Part 1 of a two-part blog post series titled “7 Development AppSec Tricks to Keep the Hackers Away.” We now continue with Part 2 of this feature, highlighting additional application security tips: 4. Don’t neglect user input. Incorporate WAF security. Most modern web and mobile applications are based on direct
Publish At:2015-06-18 01:35 | Read:3300 | Comments:0 | Tags:Featured Articles Security Hardening AppSec OWASP Sharon Sol

OWASP Zed Attack Proxy – Integrated Penetration Testing Tool

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced
Publish At:2015-06-09 23:25 | Read:2604 | Comments:0 | Tags:Hacking Tools Web Hacking hacking-proxy integrated penetrati

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre. With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:2854 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

OWASP Belgium Chapter Meeting February 2015 Wrap-Up

Tonight the first Belgium OWASP chapter meeting of the year 2015 was organized in Leuven. Next to the SecAppDev event also organised in Belgium last week, many nice speakers were present in Belgium. It was a good opportunity to ask them to present a talk at a chapter meeting. As usual, Seba opened the event and reviewed the latest OWASP Belgium news before g
Publish At:2015-02-25 01:30 | Read:1710 | Comments:0 | Tags:Belgium Event Security OWASP

#HackerKast #18: Verizon Tracking Cookie, NSA tracking via mobile ads, hackers for hire, AppSec Program Quick Start Guid

Hey Everybody! Can’t believe we’ve done 18 of these. Let’s get right into it. We started off this week by chatting a bit about Verizon. The headline kind of speaks for itself: “Remember That Undeletable Super Cookie Verizon Claimed Wouldn’t Be Abused? Yeah, Well, Funny Story…” Turns out Verizon will set a cookie in your br
Publish At:2015-01-28 09:00 | Read:1651 | Comments:0 | Tags:Web Application Security WhiteHat HackerKast Application Sec

5 Days to Setting Up an Application Security Program

Congratulations! You now have the responsibility of ensuring your web applications are secure. This is the reality that modern day CISOs and security professionals address every day. You may have even lobbied for and championed this initiative because you are acutely aware of the risk that vulnerable web applications present to the business. Or as is often t
Publish At:2015-01-15 23:00 | Read:1854 | Comments:0 | Tags:Industry Observations Technical Insight Web Application Secu

Internet of Things – Security and privacy issues presented at ISACA Roma & OWASP Italy conference

Yesterday Pierluigi Paganini presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. Yesterday I presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issu
Publish At:2014-12-13 20:15 | Read:2958 | Comments:0 | Tags:Cyber Crime Intelligence Mobile Security botnet Internet of

OWASP Releases Latest App Sec Guide

Advocates with the web application security consortium OWASP published the latest iteration of its Testing Guide this week. The guide, celebrating its 10th anniversary this year, is an informational manual designed to teach developers how to build and maintain secure applications in the face of ongoing threats.
Publish At:2014-09-18 23:00 | Read:2014 | Comments:0 | Tags:Compliance Vulnerabilities Web Security App Sec application
