web application

Hacking Kia: Shocking Web Portal Vulnerability Discovered! Plus, NIST Password Updates!

Kia Security Flaw Exposed, NIST’s New Password Guidelines

| | Authentication, biometrics, cars, Connected Cars, Cyber Security, cyber threat, Cybersecurity, Data Privacy, Digital Privacy, Episodes, Hacking, Information Security, Infosec, Kia, MFA, Multi-Factor Authentication, NIST, Password, password complexity, Password Guidelines, Password Policy, Password reset, Password Resets, passwords, Podcast, Podcasts, Privacy, security, technology, web application, web application vulnerability, Weekly Edition
In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The ...
Shared Security Podcast

HTTP Parameter Pollution and Mass Assignment Attacks

| | Application Security, Blog, Cyber Security, Cybersecurity, web application
This blog focuses on two important things: the HTTP parameter pollution attack and mass assignment vulnerability. It helps developers to understand the risks that web apps can face and how to make ...
WeSecureApp :: Simplifying Enterprise Security
Advanced Chain Vulnerabilities

Understanding CRLF Injection: A Web Application Vulnerability and Mitigation

| | Application Security, CRLF Injection, Cyber Security, Cybersecurity, web application
CRLF (Carriage Return Line Feed) injection is a web application vulnerability that occurs when an attacker can inject malicious CRLF characters into an HTTP response. This vulnerability can lead to various security ...
WeSecureApp :: Simplifying Enterprise Security
DEFCON 17: Social Zombies: Your Friends Want to Eat Your Brains

Social Zombies Revisited: Your Friends Want to Eat Your Brains

| | api, Browser Zombies, Cybersecurity, Data Privacy, DEF CON, DEFCON 17, DEFCON Hacking Conference, Digital Privacy, Episodes, facebook, Geocities, Information Security, Infosec, Kevin Johnson, Meta, myspace, Online Tracking, Podcast, Privacy, privacy settings, security, social media, Social networks, Social Zombies, technology, Third-Party Application, Tom Eston, Twitter, web application, Weekly Edition, zombies
On this week’s episode, We’re excited to bring you a classic conference talk that Tom Eston gave with co-host Kevin Johnson back in 2009 at DEF CON 17 in Las Vegas. The ...
The Shared Security Show
SEC rules, cybersecurity, SEC cyber data breach rules

Elevating Web App Security to a National Priority

| | AppSec, cisa, web application
It’s been an eventful few months in terms of sizable cyberattacks. First, we had the SolarWinds hack, then the Colonial Pipeline ransomware attack made cybersecurity acutely real for millions of people in ...
Security Boulevard
cloud-native Security at Speed: A New Paradigm

WAFaaS: When ‘As-A-Service’ Means ‘Bad Service’

| | AppSec, Cloud-native, waf, WAFaaS, web application
In 1908, Henry Ford introduced the Model T – the world’s first mass-produced vehicle. In his quest to quickly mobilize Americans, Ford famously quipped that the car was available to his customers “in ...
Security Boulevard
Resecurity Exim SEO print printer Google Docs BEC business AI certificate Fax or Email for Secure Document Delivery

Keyfactor, PrimeKey to Advance Certificate Automation

| | APIs, certificate, Keyfactor, PrimeKey, web application
Keyfactor announced this week announced it intends to merge with PrimeKey as part of an effort to enable organizations to more easily manage certificates on an end-to-end basis. The company also revealed ...
Security Boulevard
Akamai JavaScript

Akamai Tool Detects Suspicious JavaScript Code

| | CDN, content delivery network, formjacking, Javascript, Magecart, web application, web skimming
Akamai today launched Page Integrity Manager, an in-browser threat detection capability that discovers compromised instances of JavaScript running on a client. Patrick Sullivan, CTO for security strategy at Akamai, said this type ...
Security Boulevard
Serious Flaws Endanger Apps Built with Spring Framework

Serious Flaws Endanger Apps Built with Spring Framework

| | Intel Remote Keyboard, Remote Code Execution, Spring Framework, web application
Developers of the popular Spring framework for developing Java web applications patched three vulnerabilities this past week, including a critical one that could be exploited for remote code execution. The most serious ...
Security Boulevard
OT

Equifax’s Servers Reportedly Had Glaring Holes Long Before Data Breach

| | Bad Rabbit, Data breach, Equifax, EternalRomance, NotPetya, Ransomware, Server Security, SMBv1, vulnerability, web application
Equifax reportedly took six months to take down a publicly exposed web application that could have allowed anyone on the internet to search and download sensitive personal consumer data. VICE Motherboard reported ...