Zero Day Exploit Protection

They say what you don’t know can’t hurt you — but that’s not really true. One example is a zero-day exploit. This is a network vulnerability that hasn’t been identified yet, at least not by the people who need to fix it. These IT professionals have zero days to fix the problem because they don’t […]

Protocol Anomaly Detection

It’s late at night and you’re walking to your car after attending a community event. Your car is still a block away. As you walk, you scan the scene before you. Something is just not right, you say to yourself. On the dark sidewalk ahead of you, you see two silhouettes. They are moving about, […]

What You Should Know About APIs

We all know how a computer user interface (UI) works — at least in general terms. Humans interact with digital machines using input devices, and we watch everything in real time on computer monitors. When we think of user input, we usually think of input devices like a mouse, keyboard, touchscreen, trackball, or pointing stick. But we […]

Guarding Against Data Loss

In 2013, a U.S. military judge sentenced PFC Bradley Manning to 35 years in prison. His crime, as everyone knows, was leaking confidential information. Manning illegally downloaded data to a CD and gave it to Wikileaks. The intentional release of sensitive information is just one way that data loss occurs within an organization. Sometimes it […]

And You Thought Your Transactions Were Safe: SSL Based Attacks

Your plaintext internet traffic is subject to attack. You already knew this. And it probably won’t surprise you to learn that your encrypted internet traffic is also vulnerable. It’s an unfortunate situation. Carl Herberger, Radware’s VP for Security Solutions, says that the prospect of SSL-based attacks “makes a folly of our existing security infrastructure”. The […]

Be on Guard for Forceful Browsers

When you go to a store to look around, the clerk may ask if they can help you. No, you’re just browsing, you say. You’re not necessarily in search of anything in particular. We do the same thing online. Web browsing is a way to satisfy our curiosity, to delve into areas that interest us, […]

An Introduction to Form Field Manipulation

You use web forms all the time. All across the internet, you are called upon to give certain information about yourself in order to access a site, use an application, or purchase a product. And the truth is most of us have become more open to these kinds of interactions as we have become immersed […]

Cookie Manipulation and Poisoning

Everybody loves cookies. They’re hard to resist — sweet and delicious. So why is something as flavorless as a computer cookie blessed with the same name? You can blame Lou Montulli. He created the technology for Netscape Communications and received a patent for it in 1998. In the beginning, nobody knew that cookies were being […]

The Ghosts of Buffer Overflow

An enormous amount of due diligence. That’s what it will take to overcome one of the most common computer security vulnerabilities that has been vexing cyberspace for years, according to John Clark of the University of York. “To make buffer overflows a thing of the past will require an enormous amount of due diligence – […]

CSRF and the Confused Deputy

Imagine that a smooth operator convinces Barney Fife — the famous sheriff’s deputy on TV — to unlock a Mayberry jail cell. Barney has the keys. He has the authority. He wants to do the right thing, but he’s easily confused and manipulated. Your web browser has authority too. It can do a lot of […]