2Q report by IBM X-Force, 23% of websites vulnerable.

CSRF or Cross Site Request forgery is the highest likely method of attack Broken Authentication is second And cross-site scripting(XSS) is third SQL Injection as well as security misconfigurations are also higher than 10% of he vulnerability types.   The IBM report at X-Force blog  recounts the challenges a web application scanner has as to … Read more

more pentesting tools in the toolkit

Hydra, w3af, Scapy    are all good as well. We can create our own scans using scapy – as we can create our own scan reviews depending on the environment that we need to look at. to make this work – one really needs to understand the tcp networking  from rfc793 contact us to learn … Read more

Pentesting – what is it actually?

Penetration testing are several acts on various computers and systems.   First in “recon”  one checks the public profile of the company. Use scan tools, nmap, hping, scapy, burp suite,  and others to check the target computers out.  (this is the Alpha scan)   Then one can use a few pre-built tools to review vulnerabilities … Read more

The challenges of Security in a map

This is one of the many mindmaps from Aman Hardikar: You can see that it is not only network firewalls and websites that need to be reviewed.   A security architecture needs to be developed from security principles within procedures and goals laid out within business objectives.  

How would you know if your website was targeted by hackers?

The _only_ way is to test your site… review your potential services and programs running on the website Use the alpha service evaluation sample Or try the Sigma (∑) service evaluation sample   either way you will have a better picture of your hacker liability today. Contact Us