OWASP Top 10 - 2017 Revamp!

OWASP Top 10 - 2017 Revamp!

Finally OWASP is performing a revamp of the Top 10 web-vulnerabilities as per the inputs received from the community. For the first time the OWASP community have also shared the inputs received from different Security consulting/ services firms. Reading through the list, it gives a good idea on what kind

DDOS: Turn your Toaster Off!

Most of you are already aware of the fact that half of the internet went down (or slow), when a 'bad-hackers' group weaponized 'millions of insecure IOT devices' to attack a DNS provider. Personally from my browsing habits, I was largely effected by Twitter being dramatically slow while other sites

Target _Blank - The Infamous Issue

This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and also possible workaround(s). What

Linux TCP ACK Issue (Part 1)

A flaw in the Linux kernel used since late 2012 allows adversaries to inject malicious traffic, without MITM. In a Wednesday presentation at the USENIX Security Symposium researchers showed that this flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012. In their research paper -

Lessons from LinkedIn DB Breach

We are aware that social networking site LinkedIn was breached in June, 2012 and nearly 6 million user credentials were stolen. In May 2016 it's confirmed that nearly 115+ million credentials were stolen, and are now available for sale. So, it's time we revisit what went wrong, and what can

Search

    Recent Posts