This topic has come up before, but it is worth noting that any data provided by the user can be used against a web application, not just proper POST and GET data. For example, a couple of readers pointed us to a recent blog post on HTTP headers and how many web application vulnerability scanners miss them. Another reader (thanks, Ovi!) sent us an interesting example hiding the exploit in the browser’s user agent field.
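To make the point about headers concrete, here is an added example (not code from the original post) that assumes a hypothetical application logging each request's User-Agent into a SQL table. The table layout, function names and header values are constructed for illustration; it shows the header-trusting insert beside a parameterized one.

```python
import sqlite3

# Constructed sample request headers. The User-Agent value is free text
# chosen by the client, exactly like a POST or GET parameter.
SAMPLE_HEADERS = {
    "Host": "shop.example",
    "User-Agent": "Mozilla/5.0', 'admin') -- ",
}

MAX_UA_LEN = 512  # assumed cap for stored header values


def make_db():
    # Hypothetical logging table; the role column is meant to be set by the server only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, user_agent TEXT, role TEXT)")
    return db


def log_visit_unsafe(db, path, headers):
    # Vulnerable: the header is pasted into the statement text, so a quote
    # inside it ends the string literal and the rest is parsed as SQL.
    ua = headers.get("User-Agent", "")
    db.execute(f"INSERT INTO visits VALUES ('{path}', '{ua}', 'guest')")


def log_visit_safe(db, path, headers):
    # Hardened: the header is bound as a parameter and length-capped, so it
    # can only ever be stored as data.
    ua = headers.get("User-Agent", "")[:MAX_UA_LEN]
    db.execute("INSERT INTO visits VALUES (?, ?, 'guest')", (path, ua))


def stored_rows(log_fn):
    # Log one request with the given function and return what was stored.
    db = make_db()
    log_fn(db, "/index", SAMPLE_HEADERS)
    return db.execute("SELECT path, user_agent, role FROM visits").fetchall()


if __name__ == "__main__":
    print("unsafe:", stored_rows(log_visit_unsafe))
    print("safe:  ", stored_rows(log_visit_safe))
```

With the unsafe version the server-set role column ends up holding text supplied in the header; with the parameterized version the whole header value is stored verbatim as data.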
- ISC StormCast for Thursday, July 31st 2014 http://isc.sans.edu/podcastdetail.html?id=4085, (Thu, Jul 31st) July 31, 2014
- Symantec Endpoint Protection Privilege Escalation Zero Day, (Wed, Jul 30th) July 30, 2014
- social blade dot com (youtube stats tracker) redirects to Nuclear Pack exploit kit, clever and insidious July 30, 2014
- value for money in a crowded market? NSA Ex-Director Touts $1m Per Month Security Service July 30, 2014
- Robert Graham:open-src isn't actually more secure: usability, deterministic builds and code-review are all against it July 30, 2014