You Can’t Catch What You Can’t See

Posted: July 20th, 2009 | Filed under: IIS & HTTP, Web and Application Security

The importance of Web application firewalls

The front of your website can appear as calm as a lake surface, but do you really know what kind of trouble is brewing underneath? While your website is online it is being subjected to traffic, tons of it for some of you lucky ones; some of it is legitimate, some suspect. The not-so-wanted traffic can include hackers and spammers who are trying to break through the defenses of your site to get to your server and then either corrupt or steal information from your databases.

Have you been XSSed?

Posted: April 20th, 2009 | Filed under: Web and Application Security

In his recent article on XSS vulnerabilities, Brian Krebs of the Washington Post reports that last year thousands of Web sites were cited for harboring security flaws that could be used to attack others online.

“At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user, usually from something like a search box or e-mail form, but do not prevent users from entering malicious code or other instructions.”

Report: Top 25 Most Dangerous Programming Errors

Posted: January 16th, 2009 | Filed under: IIS & HTTP

The Information Security community has been buzzing this week with talk of the newly released CWE/SANS Top 25 Most Dangerous Programming Errors. The goal of the report is to identify not just security vulnerabilities (think OWASP Top Ten), but the programming errors that create those holes.