Python-based attack tools are the most common vector for launching exploit attempts

Hackers have an obvious predilection for Python-based attack tools, says Imperva. “When examining the use of Python in attacks against sites we protect, the result was unsurprising – a large chunk, up to 77%, of the sites were attacked by a Pytho…

Hacking Security Episode 2: The 4 CISO tribes

Hacking Security is a monthly podcast on emerging trends in application security development hosted by Steve Giguere, lead EMEA engineer at Synopsys. The CISO Report In Episode 2, we discuss notable CISOs and then dive into the four tribes found in the…

Qualys Community Edition: Discover IT assets, manage vulnerabilities, scan web apps

In this podcast recorded at Black Hat USA 2018, Anthony Mogannam, Product Manager, SME/SMB Solutions at Qualys, talks about issues related to open source software and Qualys Community Edition. Here’s a transcript of the podcast for your convenience. He…

Access misconfiguration opens 3D printers to remote attacks

Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and found over 3,700 that are accessible without authentication. The danger of public…

These hacks brought to you by ‘leaky’ APIs

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do. And that’s true of cyber security, as demonstrated by a couple of recent incidents invol…

Data from 316 million real-world attacks in AWS and Azure environments

In evaluating 316 million incidents, tCell found it clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business. The majority of web application attacks are the result of o…

Same web-based vulnerabilities still prevalent after nine years

Analysis of vulnerabilities discovered by NCC Group researchers over the last nine years found that instances of common web-based vulnerabilities have largely refused to fall over during this time, with cross-site scripting (XSS) vulnerabilities appear…

Server-Side Template Injection Introduction & Example

There are few topics that developers universally agree on. One example that often leads to heated discussions is the choice of the right source code editor. You may be a Vim fanatic or maybe you prefer the simplicity of Nano or the extensibility of Visu…

Cyber Security Roundup for June 2018

Dixons Carphone said hackers attempted to compromise 5.9 million payment cards and accessed 1.2 million personal data records. The company, which was heavily criticised for poor security and fined £400,000 by the ICO in January after being hacked i…

Automating web app testing to secure your environment

In this podcast recorded at RSA Conference 2018, Dave Ferguson, Director, Product Management for Web Application Security at Qualys, talks about the challenges and benefits of automating web app testing, Qualys Browser Recorder, as well as Qualys Web A…