HackDig : Dig high-quality web security articles for hacker

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:105 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:179 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:153 | Comments:0 | Tags:Application Security Risk Management Application Development

Eight Myths Not to Believe About Penetration Testing

Penetration testing — the process of trying to break into one’s own system to find vulnerabilities before cybercriminals do — is an integral part of information security. The data gleaned from these evaluations can help companies remediate flaws in their security infrastructure before fraudsters have a chance to expose them. Dispelling Eight Penetratio
Publish At:2017-08-10 20:40 | Read:247 | Comments:0 | Tags:Data Protection Risk Management Data Breaches Penetration Te

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:234 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

The Living Dead: How to Protect Legacy Systems

The recent widespread attacks of WannaCry and NotPetya both used known vulnerabilities of legacy operating systems, namely SMB v1 protocol. In general, known vulnerabilities are easy to mitigate as long as patches and updates are provided. But in these cases, many organizations seem to have ignored the advice to patch their systems — or maybe not. There ar
Publish At:2017-07-20 21:00 | Read:260 | Comments:0 | Tags:Network Risk Management Legacy Applications legacy systems n

Going Through a Rough Patch in Your Security Program? Consistent Software Patching Can Solve Security Woes

Security is an imperfect art. It’s also an imperfect science. Whether it involves experimenting with certain tweaks or implementing proven standards and prescriptive advice, figuring out how to manage a security program is as complex as navigating any other business function. According to the Pareto Principle, security professionals should focus on the
Publish At:2017-07-03 23:50 | Read:282 | Comments:0 | Tags:Endpoint Network Risk Management Adobe Patch Patch Managemen

Stopping Threats in Their Tracks With Proactive Monitoring

With household names such as Renault ceasing manufacturing and the National Health Service of the U.K. actively redirecting patients from hospitals that are incapable of providing critical health care, ransomware has moved well beyond an annoyance that impacts your grandmother’s laptop and directly into the global spotlight. Over the past few days, how
Publish At:2017-05-24 19:10 | Read:447 | Comments:0 | Tags:Network Security Intelligence & Analytics Network Protection

Vulnerability Management in the Age of Analytics

It is becoming increasingly critical to manage both unknown and known vulnerabilities. In fact, since even novice cybercriminals can exploit publicly disclosed issues, it may be even more important to manage known vulnerabilities. Furthermore, fraudsters can examine information associated with known threats to develop new attacks and scout potential targets
Publish At:2017-05-14 01:10 | Read:402 | Comments:0 | Tags:Endpoint Security Intelligence & Analytics Endpoint Manageme

The Apache Struts 2 Vulnerability and the Importance of Patch Management

Apache Struts is a free, open source framework for creating Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media. In early March 2017, Apache released a patch for the Struts 2 framework. The patch fixes an easy-to-exploit vulnerability that allows attacker
Publish At:2017-04-25 12:20 | Read:634 | Comments:0 | Tags:Application Security Endpoint Apache Incident Response (IR)

Vulnerability Metrics: The Final Frontier

In Part 1 of this series, we looked at some of the metrics that an executive team would want to see to identify how the business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, they will not continue to invest in information security projects. In this part, w
Publish At:2017-04-04 04:40 | Read:1056 | Comments:0 | Tags:Featured Articles Vulnerability Management remediation secur

Turning Data into Metrics – A Vulnerability Story

One of the main issues I find across the information security industry is that we constantly need to justify our existence. IT has been the traditional cost centre, but businesses have slowly realized they need to spend on IT to enable their businesses. Information security, on the other hand, is the team that is constantly preventing the business from freel
Publish At:2017-03-28 06:40 | Read:759 | Comments:0 | Tags:Featured Articles Vulnerability Management remediation secur

VERT Threat Alert: March 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses 18 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins and expects to ship ASPL-716 on Wednesday, March 15th. Ease of Use (published exploits) to Risk Table: Automated Exploit, Easy, Moderate, Difficult, Extremely Difficult. MS17-006 MS17-007 MS17-008 MS17-013 MS17-014 MS17-017 MS17-018 MS17-012 No Known Exploi
Publish At:2017-03-15 23:31 | Read:781 | Comments:0 | Tags:Featured Articles Vulnerability Management Adobe microsoft P

Authoritative Asset Repository: What’s That?!

A Configuration Management Database (CMDB) is a repository that is an authoritative source of information of what assets are on the corporate network. At least, that’s what it’s supposed to be. However, in many of my recent discussions, the more common definition given for CMDB is “a struggle.” Does that sound familiar? If so, keep reading. If not, please sh
Publish At:2017-01-30 18:30 | Read:675 | Comments:0 | Tags:IT Security and Data Protection IT Security Security Control

VERT Threat Alert: Cisco WebEx Browser Extension Remote Code Execution

Vulnerability Description: A vulnerability in the Cisco WebEx Browser extension for Chrome, Firefox, and Internet Explorer could be used to execute code on a victim system. It is trivial to exploit the vulnerability and sample exploit code has been released publicly. The vulnerability leverages command execution in the launch_meeting message via a message even
Publish At:2017-01-26 04:00 | Read:971 | Comments:0 | Tags:Vulnerability Management Cisco remote code execution threat
