What are the interesting and trending topics in web security

This topic contains 2 replies, has 1 voice, and was last updated by  Henry864 3 years, 3 months ago.

  • Author
    Posts
  • #8880
     Henry864 
    Participant

    It’s an incredibly broad topic, so I’ll try to cover this as best I can:

    Web application vulnerabilities, such as those found to be vulnerable to XSS (e.g., JS injection) and SQLi, which occur in any language/framework that has not been properly implemented, for instance J2EE with Netbeans, Ruby on Rails, Python Django, and so on (most of which have the capability to do CSRF protection, form field sanitization, etc., built into the framework today that aids greatly in protection).
    Endpoint vulnerability, such as MiM attacks that utilize vulnerabilities in encryption technology like TLS/SSL (e.g., Transport Layer Security BEAST attack), SSL certificate collision attack (Collision attack), or simply stealing valid SSL certificates from their source (Warning over stolen digital certificates used to attack ‘Google properties’). It was recently revealed that the NSA may have weakened or broken SSL/TLS security for the web (Has the NSA broken SSL? TLS? AES? | ZDNet).
    Denial of service type attacks (Slow/HTTP DoS, DDoS, etc.), which often take advantage of problems in the web server applications themselves (Slowloris) or poorly configured DNS servers (DNS Amplification Attacks).
    Broader web server application vulnerabilities, such as those being exploited by the Blackhole Exploit Kit (Linux/Cdorked.A – A new Apache backdoor is being used in the wild to serve Blackhole).

  • #54289
     Henry864 
    Participant

    In information security circles, 2014 has been a year of what seems like a never-ending stream of cyberthreats and data breaches, affecting retailers, banks, gaming networks, governments and more.

    The calendar year may be drawing to a close, but we can expect the size, severity and complexity of cyber threats to continue increasing, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members.

  • #54290
     Henry864 
    Participant

    Cyber criminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends. In information security circles, 2014 has been a year of what seems like a never-ending stream of cyberthreats and data breaches, affecting retailers, banks, gaming networks, governments and more. The calendar year may be drawing to a close, but we can expect the size, severity and complexity of cyber threats to continue increasing, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members.

Copyright ©2019 Caendra, Inc.