Defense in Depth: It’s for Programmers, Too!
“But, we took care of that before, didn’t we?” asked a participant in a web application security course I taught recently. It was a good, logical question. We were discussing “SQL injection,” a process where an attacker enters database commands into a website field – in, say, a forum or comment section – that could […]
Injection Attacks: What They Are and How to Prevent Them
One topic we discuss in Learning Tree’s System and Network Security Introduction and Defending the Perimeter from Cyber Attacks courses is “code injection.” I wrote a bit about this four years ago, but I want to provide more detail, as these attacks are not going away as quickly as we thought they might. Wikipedia defines […]
Your New Device Probably Isn’t Secure
The overwhelming majority of people who purchase computer and networking equipment – whether for home or office – seem to believe that the products will be secure. They probably aren’t. I’ve talked about default passwords before. The basic idea is that manufacturers want to make their products easy for purchasers to configure. To that end, […]
Injections (Not the Kind from the Doctor!)
Dark Reading reported in early May of this year that injection attacks are on the rise again. Injection attacks were also number one on the OWASP (Open Web Application Security Project) Top Ten for 2011. The OWASP Top Ten project describes itself as “a broad consensus about what the most critical web application security flaws […]