web application security
Lack of skills hindering appsec programs
An ongoing shortage of skills in application security is severely hampering the implementation of effective Appsec programs, according to SANS. The 2014 Application Security …
Defending against drive-by downloads
In case you haven’t heard the term before, a drive-by download (DbD) is a class of cyber attack where you visit a booby-trapped web site and it automatically, and …
GitHub sets up bug bounty program
GitHub is the latest service to announce that they have started a security bug bounty program. “The idea is simple: hackers and security researchers find and report …
The growing hacking threat to e-commerce websites, part 2
In the first part of my article, I briefly revised attackers’ motivations to compromise your website. In this part, I will discuss how websites get hacked, how you can …
The growing hacking threat to e-commerce websites, part 1
Recently, a friend of mine, owner of a small online web store, had his website compromised. He asked me lots of questions about why this had happened (he didn’t really …
Deplorable security flaws in Santander UK banking apps and site
When banks urge customers to use their mobile banking apps and sites for making online payments, users usually assume these methods are secure and do so. But Paul Moore, a …
Verify your software for security bugs
Verification, which includes dynamic analysis and fuzz testing, is an important phase of developing secure software that is not always addressed in depth. This step allows …
UK man indicted for hacking US govt networks, stealing confidential data
The New Jersey U.S. Attorney’s Office has charged an alleged hacker in the United Kingdom with breaching thousands of computer systems in the United States and elsewhere …
Bypassing security scanners by changing the system language
A substantial security oversight is present in a variety of penetration testing tools, and it has to do with the different languages that a computer system can be set up to …
WordPress 3.7 delivers important architectural updates
WordPress 3.7, named Basie, is available for download or update in your WordPress dashboard. Updates include: Updates while you sleep: With WordPress 3.7, you don’t have …
The Basics of Web Hacking: Tools and Techniques to Attack the Web
Web security is one of the hot topics that we cover quite a lot on Help Net Security and is something that generates news and catches the interest of an ever-growing number of …
Python for web application security professionals
Python is an open source, interactive, object oriented programming language. It’s very easy to learn and an extremely powerful high level language. It runs on Windows, …