The Ghosts of Buffer Overflow

An enormous amount of due diligence. That’s what it will take to overcome one of the most common computer security vulnerabilities, one that has been vexing cyberspace for years, according to John Clark of the University of York. “To make buffer overflows a thing of the past will require an enormous amount of due diligence – […]

CSRF and the Confused Deputy

Imagine that a smooth operator convinces Barney Fife — the famous sheriff’s deputy on TV — to unlock a Mayberry jail cell. Barney has the keys. He has the authority. He wants to do the right thing, but he’s easily confused and manipulated.  Your web browser has authority too.  It can do a lot of […]

Attack of the Botnet Zombies

There have been plenty of zombie movies over the past few years. The plots are similar — the undead stalk the living — and the productions are generally not Oscar material. But somehow the threat hits a nerve with the general public. To illustrate a threat of a different kind, let’s come up with a […]

Cross-Site Scripting (XSS) Exploits

JavaScript is a dandy programming language. And it’s very popular. A report from W3Techs shows that 94.7% of all websites surveyed used JavaScript. But any site that places untrusted input into its pages is exposed to one of the top web application attacks, cross-site scripting (XSS). Unlike SQL injection, which targets the server side, XSS goes directly for unsuspecting web users. XSS injects malicious […]
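The injection happens wherever user-supplied text is written into HTML without encoding. This added example, which is not from the original post, puts a raw comment-rendering function next to one that encodes the text for the HTML body context; the payload string and the page fragment are constructed for the illustration.

```python
import html

# Constructed attacker input: an element whose event handler runs script when the image fails to load.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: untrusted text is dropped straight into the markup."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Hardened: encode the five characters that are special in HTML text and attribute contexts.

    html.escape with quote=True turns < > & " ' into entities, so the browser shows the
    attacker's text as text and never parses it as a tag or attribute.
    """
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def is_inert(rendered: str) -> bool:
    """Rough check for this example: the only tags in the output should be the wrapper we wrote."""
    body = rendered.removeprefix('<p class="comment">').removesuffix("</p>")
    return "<" not in body and ">" not in body


if __name__ == "__main__":
    print(render_comment_unsafe(PAYLOAD))  # tag survives; browser would execute the handler
    print(render_comment_safe(PAYLOAD))    # tag is rendered as visible text
```

Note that `html.escape` is correct only for the HTML body and quoted attribute contexts. Text inserted into a `<script>` block, a URL, or a CSS value needs the encoder for that context, which is why template engines select the escaper by context rather than applying one function everywhere.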

Defending Against SQL Injection

If you’re worried about computer hackers, you should be worried about SQL injection (SQLi). It keeps showing up on the top ten list of the Open Web Application Security Project (OWASP). In 2013, the year of their latest approved list, OWASP put injection at the top of the list. “Injection flaws such as SQL, OS, […]
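Injection flaws come from assembling a query out of strings, so the fix is to hand the database the query and the data separately. This added example, not code from the original post, runs a vulnerable login query and a parameterized one against a constructed in-memory SQLite table; the table contents and the two payloads are made up for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list[str]:
    """Vulnerable: user input is concatenated into the SQL text and becomes part of the query."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list[str]:
    """Hardened: placeholders keep the input as data, whatever quotes or comments it contains."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


# Constructed payloads: the first makes the WHERE clause always true, the second comments out the
# password check entirely (SQLite treats "--" as a line comment).
ALWAYS_TRUE = "' OR '1'='1"
COMMENT_OUT = "bob' --"


def demo() -> dict[str, list[str]]:
    conn = make_db()
    return {
        "vulnerable_always_true": login_vulnerable(conn, "alice", ALWAYS_TRUE),  # every row
        "vulnerable_comment": login_vulnerable(conn, COMMENT_OUT, "wrong"),      # bob, no password
        "safe_always_true": login_safe(conn, "alice", ALWAYS_TRUE),              # nothing
        "safe_comment": login_safe(conn, COMMENT_OUT, "wrong"),                  # nothing
        "safe_real_login": login_safe(conn, "bob", "hunter2"),                   # bob
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The parameterized version also rejects the "comment out the rest" trick, which input filtering often misses: the database never sees `--` as syntax because the string is bound as a value, not spliced into the statement.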

Selecting the Right Monitors for Your Website

Suppose you’ve just launched a new website and you want to make sure that everything keeps working fine. What’s the next step? You could just hope and pray, but there is merit to being more proactive than that. The responsible thing to do is to monitor your website, including all the critical pages, services, and […]

Why Ransomware is a Threat to Availability

According to the FBI, ransomware became a billion dollar industry in 2016.  That is right, $1 billion.  If ransomware were a legitimate industry, it would be the focus of case studies in every business school in the world as its growth is unprecedented.  This growth is attributed to four primary reasons. The amount of money […]

Server Hardening for Security and Availability

Server hardening is a necessary process. And it’s a never-ending one. From the moment you pull the machine out of the box (or create it in the virtual environment), it pays to be thinking about security. But server hardening can do more than keep your machine safe. It will help with performance, and it can […]

Why You Need Web Application and API Protection (WAAP)

One of the mantras for today’s enterprise could be, “living on the edge.”  With the proliferation of the cloud and the digital services and mobile apps that it hosts, today’s enterprise is all about the edge.  Chances are your company or organization has a web presence on the Internet thanks to Web 2.0, which gives […]

Making a Case for Cloud and its Disruptive Benefits

In 1969, the network that would grow into the internet came to life in an engineering laboratory at one of the United States’ most famous universities, and like most disruptive technologies its birth was greeted with derision by many in the IT community. It was known then as ARPANET, and a columnist for a prominent […]