I apologize ahead of time if I start to ramble through this post.  Script injections are major vulnerability in web applications due to the variety of attacks that can result from one injection point and there’s a lot we can talk about.  If we take a look at the Verizon Data Breach Investigation Report, we […]

I recently covered a few sections from the Verizon Data Breach Investigations Report (take a look if you haven’t already).  I also mentioned another one of my favorites, the WhiteHat Security Website Security Statistics Report.  This report gives an insightful overview of a constantly evolving and frequently targeted attack vector, web applications.  Ignoring my strong […]

I remember during my senior year of college the struggle and confusion surrounding where to start my career.  Luckily, I had a very helpful professor who gave me an overview of the different paths a security professional can take.  As I started my career, it became apparent that it wasn’t as simple as he explained. […]

I don’t know about you guys, but I’m constantly on Amazon looking for new books to read.  I’ve managed to acquire a decent collection of books and read through the majority of them.  I figured I’d share a few of my favorites, and give a little insight on each of them. The Web Application Hacker’s […]

Someone once said that “no security hole is too small”.  The longer you work in the information security field, the more relevant this becomes.  So many times, it’s been shown that the tiniest details can lead to massive data breaches.  The 2013 Target breach is a prime example.  Attackers first broke into Targets network on […]

When it comes to cross-site scripting, we want to find those script injection points that are frequently overlooked.  A common source of stored cross-site scripting vulnerabilities is the file upload.  Not only can we store a script in the application, but this script may be downloaded by other users.  When we first explorer our application, […]

I think an attack vector that is often under-analyze is the web service.  There’s no user interface, so what’s the real danger? Cross-Site Scripting (which accounts for about 53% of all application vulnerabilities) is completely useless since there is no HTML response.  And how would one even use this tool without a user interface? Well, […]

Nearly every application relies on some type of data store, whether it’s a user database or a database of information related to the website.  Without proper sanitation of inputs, these stores can be vulnerable to SQL injections, and attackers may be able to retrieve critical information with our permission.  If you don’t have an understanding […]

ClickJacking Clickjacking is the malicious technique of tricking a user into clicking on something different than what the user intends to click on.  This can result in confidential information being revealed or taking control of the user’s browser.  Embedded code or scripts can execute without a user’s knowledge by clicking on a button that appears […]

So you’ve just graduated (or maybe you’re just finishing school) and you’re wondering where to go from here.  Graduate school is expensive and those student loans are coming in every month, how do you continue learning without paying tens of thousands of dollars every year? Certifications are a great path to take, and the best […]