The Web Application Hacker’s Handbook

DAFYDD STUTTARD | April 26, 2016

This book is a practical guide to discovering and exploiting security flaws in web applications. By “web applications” we mean those that are accessed using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications.

Spotlight

GhostMail

GhostMail is a cyber security company specialized in secure and private encrypted communications. Fed up with the ever-increasing threat of hackers, mass surveillance and cyber-crimes, we decided to help everybody to communicate securely and change the digital privacy landscape. We have a strong belief in the fundamental right to online privacy, and that exercising this right should be free, easy and available to both consumers and businesses. E-crime has come to stay and people need to take action and protect themselves. We offer the perfect solutions to mitigate the growing threat of Internet communications. Our highly encrypted services are easy to use and require no downloads or software installments and can be used on Mac, PC and mobile. GhostMail has built a strong team of security geeks, encryption specialists, coders and MBAs working from offices in Scandinavia and Switzerland. The founders are experienced Internet entrepreneurs and have the energy, vision and p

OTHER ARTICLES

Guest Blog: Cyber security guidance for remote working

Article | March 20, 2020

In these challenging times, it’s sad to learn that cyber criminals are only increasing their activity as they look to capitalise on the Covid-19 crisis. With the NCSC (National Cyber Security Centre) issuing warnings of such activity on a daily basis, it’s important that we all work to protect our businesses from the damage of cybercrime. As many of us move to working from home, the opportunity for cyber attacks only increases, so it’s vital that we work together with our IT colleagues to adopt good cyber health practices. If you are working from home, you should only be using a VPN (Virtual Private Network) or a secure home network with strong end-to-end encryption; e.g. Office 365 SSL session. Don’t be tempted to use public wifi, as hackers can position themselves between you and the access point.


Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email. This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.


Best Cybersecurity Tips for Remote Workers

Article | June 21, 2021

Remote working and cybersecurity risks, unfortunately, go hand in hand. As the COVID-19 pandemic appears to be far from over, cyber threats to individuals and businesses continue to loom large. The only solution at the moment is to invest in robust technology solutions that protect your network and to train employees in cybersecurity so that they develop healthy remote working practices. If you allow a bulk of your employees to work remotely, it is important to adopt a few basic habits to protect your devices and your business network from cyber criminals. Here’s a quick look at a few basic tips for remote workers that can go a long way in enhancing the overall security posture of your organisation. Passwords provide the first line of defense against unauthorized access to your devices and personal information. By creating a strong, unique password, you increase protection levels tremendously. You make it more challenging for cybercriminals to gain access and disrupt your systems networks. Rule number two is never to ignore those little pop-up windows that tell you that software updates are available for your device. Once you get such a notification, be sure to install the latest software as soon as possible. Timely software updates (including antivirus updates) help patch security flaws and safeguard the computer system. Are you busy with your work and don’t like to be distracted by such notifications? We highly suggest you encourage your employees to select auto-update for software on both mobile devices and computers. It will help you and your staff to prevent problems caused by delayed system updates.


5 Benefits of Investing in Cyber Security & IT solutions in 2021

Article | June 2, 2021

Cyber Security has quickly evolved from being just an IT problem to a business problem. Recent attacks like those on Travelex and the SolarWinds hack have proved that cyber-attacks can affect the most solid of businesses and create PR nightmares for brands built painstakingly over the years. Investing in cyber security training, cyber security advisory services and the right kind of IT support products, has therefore, become imperative in 2021. Investing in cyber security infrastructure, cyber security certification for employees and IT solutions safeguards businesses from a whole spectrum of security risks, ransomware, spyware, and adware. Ransomware refers to malicious software that bars users from accessing their computer system, whereas adware is a computer virus that is one of the most common methods of infecting a computer system with a virus. Spyware spies on you and your business activities while extracting useful information. Add social engineering, security breaches and compromises to your network security into the mix, and you have a lethal cocktail.

