HackDig : Dig high-quality web security articles for hackers

COVID-19’s Best Practices for Building Secure Mobile Applications

A worldwide catastrophe this contagious virus COVID-19 pandemic has raised endless problems to mankind. The restrictions we face today are something humans are not used to. Commonly termed as Corona Virus, this disease primarily affects the lungs of a person making it harder to breathe. With the specialists still working on inventing the cure, we are man
Publish At:2020-07-08 20:05 | Read:166 | Comments:0 | Tags:Knowledge-base Security Advisory Web Application Security OW

COVID-19 cybersecurity: Pro-bono Pentests for COVID-19 related Apps & Software

COVID 19 cybersecurity: Pro-bono program helping organizations & developers to secure their applications. What is it? COVID-19 poses a grave danger to the world due to the high rates of spreading and the virus continuing to affect different geographical locations. A global slowdown appears to be a foregone conclusion to the lockdown.  To
Publish At:2020-05-03 07:50 | Read:288 | Comments:0 | Tags:News Penetration Testing Web Application Security COVID 19 A

WordPress 4.7.2 release addresses XSS, SQL Injection vulnerabilities

According to the release notes the latest version of WordPress 4.7.2 addresses three security, including  XSS, SQL Injection flaws. The WordPress development team has pushed the WordPress 4.7.2 version that fixed three security issues, including a cross-site scripting and a SQL injection vulnerability. The new update comes just two weeks after WordPress rele
Publish At:2017-01-28 13:05 | Read:4355 | Comments:0 | Tags:APT Security CMS Hacking Pierluigi Paganini Security Affairs

WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs

According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team, it is classified as a security release for all previous versions. According to the release notes, the new version addresses eight security flaws an
Publish At:2017-01-13 23:05 | Read:5640 | Comments:0 | Tags:Breaking News Hacking CMS web application security WordPress

[CRITICAL] Nissan Leaf Can Be Hacked Via Web Browser From Anywhere In The World

What if a car could be controlled from a computer halfway around the world? Computer security researcher and hacker Troy Hunt has managed to do just that, via a web browser and an Internet connection, with an unmodified Nissan Leaf in another country. While so far the control was limited to the HVAC system, it’s a revealing demonstration of what’s possible.
Publish At:2016-11-20 03:20 | Read:4955 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates 0xic

Kemuri Water Company (KWC) | Hackers change chemical settings at water treatment plant

Hackers manipulated the programmable logic controllers that managed the amount of chemicals used to treat the water to make it safe to drink.   NEW YORK — March 23, 2016 — Hackers breached a water company’s industrial control system and made changes to valve and flow control settings, Verizon revealed in its latest Data Breach Digest. The unnamed w
Publish At:2016-11-20 03:20 | Read:8845 | Comments:0 | Tags:Critical Infrastructures Cyber Security ICS SCADA Security U

BYOD Makes Application Security a Matter of National Security

Several publications have commented on a new study from Harvard’s Berkman Center for Internet and Society. The study was called “Don’t Panic: Making Progress on the ‘Going Dark’ Debate.” Apple and others have designed products with so-called “end-to-end encryption,” meaning that a message between two users can
Publish At:2016-02-12 14:05 | Read:5257 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

NSA Directorates

An earlier post made the point that security problems can come from subdivisions of an organization pursuing incompatible goals. In the Cold War, for example, lack of coordination between the CIA and the State Department allowed the KGB to identify undercover agents. The Guardian reports that the NSA is reorganizing to address this issue. Previously, its off
Publish At:2016-02-05 19:20 | Read:3510 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Top 10 Web Hacking Techniques of 2015

With 2015 coming to a close, the time comes for us to pay homage to top tier security researchers from the past year and properly acknowledge all of the hard work that has been given back to the infosec community. We do this through a nifty yearly process known as The Top 10 Web Hacking Techniques. Every year the security community produces a stunning number
Publish At:2016-01-12 16:40 | Read:3146 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

HTTP Methods

Much of the internet operates on HTTP, Hyper Text Transfer Protocol. With HTTP, the user sends a request and the server replies with its response. These requests are like the pneumatic tubes at the bank — a delivery system for the ultimate content. A user clicks a link; a request is sent to the server; the server replies with a response; the response h
Publish At:2015-12-30 03:10 | Read:6081 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

“Insufficient Authorization – The Basics” Webinar Questions – Part I

Recently we offered webinar on a really interesting Insufficient Authorization vulnerability: a site that allows the user to live chat with a customer service representative updated the transcript using a request parameter that an attacker could have manipulated in order to view a different transcript, potentially giving access to a great deal of confidentia
Publish At:2015-12-12 01:10 | Read:4037 | Comments:0 | Tags:Technical Insight Tools and Applications True Stories of the

An idea to help secure U.S. cybersecurity…

… and looking for the right person to show us how to do so. A few years back I was watching a presentation given by General Keith B. Alexander, who was at the time Commander, U.S. Cyber Command and previously Director of the National Security Agency (NSA). Gen. Alexander’s remarks focused on the cybersecurity climate from his perspective and the impact on U.
Publish At:2015-12-03 18:15 | Read:3394 | Comments:1 | Tags:Industry Observations Vulnerabilities Web Application Securi

The Ad Blocking Wars: Ad Blockers vs. Ad-Tech

More and more people find online ads to be annoying, invasive, dangerous, insulting, distracting, expensive, and just understandable, and have decided to install an ad blocker. In fact, the number of people using ad blockers is skyrocketing. According to PageFair’s 2015 Ad Blocking Report, there are now 198 million active adblock users around the world with
Publish At:2015-12-03 00:10 | Read:3994 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

“Crash Course – PCI DSS 3.1 is here. Are you ready?” Part II

Thanks to all who attended our recent webinar, “Crash Course – PCI DSS 3.1 is here. Are you ready?”. During the stream, there were a number of great questions asked by attendees that didn’t get answered due to the limited time. This blog post is a means to answer many of those questions. Still have questions? Want to know more about
Publish At:2015-12-01 12:00 | Read:3923 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

URLs are content

Justifications for the federal government’s controversial mass surveillance programs have involved the distinction between the contents of communications and associated “meta-data” about those communications. Finding out that two people spoke on the phone requires less red tape than listening to the conversations themselves. While “
Publish At:2015-11-30 17:55 | Read:4075 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio


Share high-quality web security related articles with you:)