Month: May 2011

US-CERT Cyber Security Alerts

US-CERT is a U.S. government agency that provides response support and defense against cyber attacks. US-CERT is part of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). Although US-CERT’s goal is to support the government agencies to defend themselves against cyber attacks, the agency disseminates cyber security information to governments, industry and the public, free of cost. You can receive regular mailing lists of known vulnerabilities from US-CERT by going to http://www.us-cert.gov/and enrolling in their […]

OWASP Top Ten Web Application Vulnerabilities #4: Cross-Site Request Forgery (CSRF)

Cross-site request forgery or CSRF is a type of web application vulnerability wherein hackers trick authenticated users of your websites to submit information to a web application on behalf of the hacker without the legitimate user being aware of the fact. What the CSRF attack does is to trick the legitimate user into loading a hacker’s web page that uses the legitimate user’s credentials to perform malicious actions, masquerading as the user. For example, a successful CSRF attack will enable […]

SAN Critical IT Controls # 14: Wireless Device Control

While many companies are adept at securing their enterprise networks with routers, intrusion prevention and intrusion systems, wireless devices remain a very vulnerable to hacker attacks. Wireless devices are ubiquitous, and there are several ways hackers can exploit your wireless systems to gain access to internal networks. Unauthorized wireless access points in your network are just waiting to be exploited by hackers, who can gain access to your internal network by simply bypassing your security perimeter and connecting with wireless […]

OWASP Top Ten Web Application Vulnerabilities: #2: Cross-Site Scripting

Cross-site scripting, also referred to as XSS, is the most common web application security vulnerability. XSS vulnerabilities can result from anyone that is able to send untrusted data into your stem – this includes external and internal users and administrators. XSS vulnerabilities may exist in your code when your application doesn’t properly validate data sent by a user to a browser. Improper invalidation of user content allows attackers to send a text-based attack script to exploit the browser’s interpreter. Browser […]

In Archive