Triaxiom Security
Partner with us to meet your Information Security needs.
Common Web Application Vulnerabilities – Insecure Deserialization

In starting to prepare for the Offensive Security Advanced Web Application Exploitation (AWAE) course, I ran across a vulnerability category that I was certainly familiar with but hadn’t run across in the wild lately. Insecure deserialization is an interesting category of vulnerabilities, as it’s part of the OWASP Top 10 but usually isn’t the first […]

An Introduction to Ransomware

In today’s blog, we will do a quick introduction to Ransomware. Ransomware is a form of malware (short for malicious software) designed to deny access to the data on a user’s computer until a ransom is paid. Typically, ransomware is spread via phishing emails, users unknowingly visiting/interacting with an infected website, or weak passwords allowing an attacker […]

What is the OSSTMM?

The Open Source Security Testing Methodology Manual, or OSSTMM, was created to: …provide a scientific methodology for the accurate characterization of operational security (OpSec) through examination and correlation of test results in a consistent and reliable way. This manual is adaptable to almost any audit type, including penetration tests, ethical hacking, security assessments, vulnerability assessments, […]

File Upload Validation Techniques

File upload filtering is an extremely important part of web application security that is also notoriously hard to get right. And unfortunately the stakes are high, as vulnerabilities associated with your file upload functionality can quickly turn into critical, exploitable issues with impacts that include remote code execution on the underlying web server. So let’s […]

IoT Devices in the Home

Today’s blog is just a quick update on home security. As a security professional, one of the most common questions I get from friends and family revolves around concerns they have from smart devices, or Internet of Things (IoT) devices, in their home. Should they be worried about their smart lock on their front door […]

Security Tips When Working From Home

Currently and going forward, many employees may find themselves working from home temporarily or permanently. Security is still extremely important to yourself and your employer and today, we will explore tips and tricks that will help you maintain your security posture while working remotely. Working From Home Security Tips & Tricks Leverage a VPN – […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.