AppSec Blog

Exchanging and sharing of assessment results

[Cross posted from SANS ISC] Penetration tests and vulnerability assessments are becoming more common across the industry as organizations find they need to demonstrate a certain level of security for their infrastructure and applications. The need to exchange test result information is also increasing substantially. External parties ranging from business partners and clients to regulators may … Continue reading Exchanging and sharing of assessment results


Weekly Roundup of Web Hacking Incidents

The following web hacking incidents were added to WHID in the past week:
WHID 2010-216: DDoS: Myanmar attacks larger than those against Estonia and Georgia - http://bit.ly/cZBLWG
WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website - http://bit.ly/dg9v6q
WHID 2010-214: Attack cause Intuit Web-hosting service outage? - http://bit.ly/dn8yed
WHID 2010-213: Cops: Hacker Posted Stolen … Continue reading Weekly Roundup of Web Hacking Incidents


Insecure Handling of URL Schemes in Apple's iOS

This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. In this article, I will discuss the security concerns I have regarding how URL Schemes are registered and invoked in iOS. URL Schemes, as Apple … Continue reading Insecure Handling of URL Schemes in Apple's iOS


Weekly Roundup of @Risk Web Application Vulnerabilities

Volume: IX, Issue: 45, November 4, 2010
Summary of the vulnerabilities reported this week:
Web Application - Cross Site Scripting
10.45.27 - Zomplog Cross-Site Scripting and HTML Injections
10.45.28 - Drupal Watcher Module Cross-Site Scripting Issue
Web Application
10.45.29 - BlogBird Multiple HTML Injection Issues
10.45.30 - XAMPP Cross-Site Scripting and Information Disclosure Issue
10.45.31 … Continue reading Weekly Roundup of @Risk Web Application Vulnerabilities


Weekly Roundup of Web Hacking Incidents

The following web hacking incidents were added to WHID in the past week:
WHID 2010-211: New DDoS Trojan Attacks Sites That Criticize Vietnamese Communist Party - http://bit.ly/cBlZH9
WHID 2010-210: RIAA and LimeWire - Both Are Offline - http://bit.ly/dzzCtR
WHID 2010-209: Hacker may have accessed DHH database - http://bit.ly/9JGnnR
WHID 2010-208: BoingBoing hacked and defaced - … Continue reading Weekly Roundup of Web Hacking Incidents