Better secure your code: Web application attacks are on the rise

Web attacks are on the rise, up 30% in six months, according to security vendor Imperva. The second edition of Imperva's Web Application Attack Report (the first report was issued in July) identifies cross-site scripting (XSS) as the attack vector of choice (29% of the attacks reported), followed by directory traversal (DT), accounting for...

Deploy Red Team to root out excess privilege — or end up red-faced

I have been working on fleshing out the duties of an internal Red Team. Many organizations use outside firms to perform periodic attack and penetration tests. Some, like Stratfor, do not — much to their chagrin when they become the target of an attack. While outside pen testing is important, it does not address the bigger problems facing the...

Twitter acquisition of web security firm Dasient protects its growing ad business

Twitter’s acquisition of Web security company Dasient is good news for the social network giant and its millions of users, though, on the down side, it takes the security vendor off the general market. The acquisition is apparently focused on protecting Twitter’s growing advertising business, leveraging Dasient’s...

Spotting and, perhaps, stopping the malicious insider

Do you know this person? He is currently employed, between the ages of 35 and 40, holds a technical position, and has a new job offer at a competing company. He very well could be working next to you right now. And he’s someone every company should be concerned about. Who is this person? It’s the “malicious insider,”...

DDoS attacks bring down Polish government websites over support for international anti-piracy agreement

There was a new wave of distributed denial-of-service attacks in protest of anti-piracy activity over the weekend, this time targeting Polish government websites. The attacks came in advance of the Polish government’s expected signing of ACTA (Anti-Counterfeiting Trade Agreement) on Thursday. The loosely knit hacktivist group Anonymous,...
