Expert analysis
Changes coming to the OWASP Top 10 in 2010
In the spirit of improving Web application security worldwide the folks at OWASP have released the OWASP Top 10 2010 “release candidate”. It’s currently open …
Privacy in the spotlight: 8 million reasons
There is an all-around media frenzy going on about the 8 million GPS location requests that Sprint Nextel received and automatically granted through a web portal to law …
Microsoft’s security patches year in review: A malware researcher’s perspective
It’s no secret that Microsoft has had the lion’s share of security vulnerabilities. Its success as a company has made it the most obvious and profitable target for …
Staying ahead of the cybercriminal
There has been a lot of talk this year about the increasing sophistication of cybercrime threat – even going so far as to claim that virus creation has moved into the …
5 handy WordPress security plug-ins, part 2
If you’re one among the millions of users of WordPress, and you really don’t have that much knowledge about what’s going on under the hood, your best bet to …
Invasive vs. non invasive web application security scan
When evaluating an automated web application security tool, such as Acunetix WVS, the first two questions that typically one would ask are “Does this tool perform an …
Top 5 Firefox add-ons: Security testing and assessment
Test your sites and web applications and perform a security assessment/audit of your work with these handy tools: 1. Tamper Data Use it to view and modify HTTP/HTTPS headers …
Q&A: Passwords
Dmitry Sklyarov is an IT security analyst at Elcomsoft. In this interview he discusses strong and insecure passwords, the compromise between usability and security as well as …
Q&A: Wireshark
Gerald Combs works with the developers of WinPcap at CACE Technologies as the Director of Open Source Projects, and is the lead developer of Wireshark. In this interview, he …
Best practices for DNS security
Securing the DNS must be a priority because it is so central to the proper functioning of every IP network. Employing the best possible protections for the DNS will pay huge …
Spam evolution: September 2009
Spam in email traffic The amount of spam detected in email traffic averaged 86.3% in September 2009. A low of 83.3% was recorded on 18 September with a peak value of 91.3% …
Looking back at 2009 through SQL injection goggles
The earliest public mention I could find of SQL injection (“piggybacking SQL statements’ as the author put it) was from someone who called himself Rain Forest …