Help Net Security
Manual SQL Injection demonstration using DVWA
Scripts are nice, but they will fail eventually. But, that doesn’t mean the flaw is not exploitable. Eventually you will need to turn to manual techniques to verify a …
As the PCI deadline looms, merchants should avoid quick fix measures
On Thursday 30 September 2010, the latest PCI DSS deadline kicks in, requiring all level one merchants (those processing more than six million transactions per year) to adhere …
USB drive identifies and extracts data, leaving no footprint
Harris Corporation introduced a highly customizable USB thumb drive that quickly extracts targeted data from computers. The device – called BlackJack – is designed …
60% of organizations suffered $2 million losses for Web 2.0 security issues
While organizations see the potential value of Web 2.0 tools, decision makers continue to debate whether or how to allow employee usage of the technology in the workplace. A …
Free malicious PDF analysis e-book
Didier Stevens, the hacker who became a synonym for malicious PDFs, released a free e-book. It’s a chapter he wrote as co-author of a malware analysis book. For more …
Week in review: Stuxnet, XSS Twitter flaw, and 2-factor authentication from Google
Here’s an overview of some of last week’s most interesting news and articles: Cybercriminals steal Interpol Chief’s identity to access info on fugitives …
Scaling intrusion prevention systems for 10G, 40G and beyond
The Internet is still growing and, as we make the transition from Intrusion Detection Systems (IDS) to Intrusion Prevention Systems (IPS) – driven in part by the fact …
E-crime gangs targeting classifieds, social networking and gaming websites
Phishing gangs have been increasing their efforts against brands in the social networking, online classifieds and online gaming industries, according to the APWG. In its …
Cisco delivers secure network connectivity for Apple iOS 4.1
Cisco AnyConnect Secure Mobility Solution is now available from the App Store. It offers highly secure network connectivity from any Apple iOS 4.1 device, improving the …
Majority of U.S. federal domain names still don’t use DNSSEC
The majority of Federal agency-run .gov domains are not signing their DNS with DNSSEC despite a December 2009 Federal deadline for adoption, according to an IID report. DNSSEC …
Preparing for a firewall audit
Network security audits are getting a lot of coverage these days thanks to standards like SOX, PCI-DSS, and HIPAA. Even if you don’t need to comply with any of those …
Lack of security measures still hinder cloud computing adoption
Demand for cloud computing systems clearly exists. However, better security, like multi-factor authentication and encryption, is going to be required if cloud computing …