
Report: Top 25 Most Dangerous Programming Errors

Posted: January 16th, 2009 | Filed under: IIS & HTTP

The Information Security community has been buzzing this week with talk of the newly released CWE/SANS Top 25 Most Dangerous Programming Errors. The goal of the report is to identify not just security vulnerabilities (think OWASP Top Ten), but the programming errors that create those holes.


Free tools to improve IIS security

Posted: May 28th, 2008 | Filed under: Web and Application Security

Here is a short and sweet list of free IIS security tools by Kevin Beaver @ TechTarget (he wrote the classic Hacking for Dummies):

http://searchsecurity.techtarget.com.au/articles/24798-Free-tools-to-improve-IIS-security

Port80's HeaderCheck and other free HTTP analysis tools are mentioned in there as well (toot-toot goes the horn), but it is a useful list of tools. And free is nice, given the price of gas and all!

Cheers,
Port80

PS Our Deal Packs are not "free", but they are a little lighter on the ol' budget — check them out at http://www.port80software.com/deals/.


Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

Posted: April 28th, 2008 | Filed under: Web and Application Security

The recent wave of SQL injection attacks has made mainstream news, just in case you have not seen it:

Hundreds of Thousands of Microsoft Web Servers Hacked

Jeremiah Grossman and others have made the point, accurately, that this is not a Microsoft IIS Web server issue, but rather that Web developers not adhering to security best practices are to blame (for shame, it is not like we have enough to do already!):

Security expert: Don’t blame Microsoft for mass site defacements

To solve this puzzle, look no further than controlling parameters, permissions and sanitizing your inputs with a Web application firewall or WAF like ServerDefender AI or the upcoming ServerDefender VP. Yes, you can learn to write more secure code, but why wait to get protected or deal with recoding legacy bits? Get a WAF, and get PCI compliant, something we all need to be focusing on now.

Cheers,
Port80

PS BTW thanks to Jeremiah for being one of the early believers in ServerMask… it is nice to watch as his security star rises!
