This topic has come up before, but it is probably worthwhile noting that of course, any data provided by the user can be used against a web application, not just proper POST and GET data. For example, we had a couple readers point us to a recent blog post in http headers  and how many web application vulnerability scanners miss them. Another reader (Thanks Ovi!) sent us an interesting example hiding the exploit in the browser’s user agent field.Read More...
- Oracle Releases April 2014 Security Advisory April 16, 2014
- Kvasir – Penetration Testing Data Management Tool developed for Cisco Advanced Services Sec Posture Assessment team April 16, 2014
- Half of IT pros make undocumented changes to IT systems April 16, 2014
- Brightest Flashlight app leaked locations of 50 million users, FTC doesn't fine them April 16, 2014
- ISC StormCast for Wednesday, April 16th 2014 http://isc.sans.edu/podcastdetail.html?id=3937, (Wed, Apr 16th) April 16, 2014
Tagsapi apple archives article browser bruce schneier business china copyright development director downloads education enterprise events facebook feeds gfi government hackers hacking industry infrastructure internet linkedin linux management microsoft network networks news opinion phishing podcasts science security social-media symantec team cyrmu technology united-kingdom united-states videos vulnerability windows