Tag Archives: vulnerabilities

VULNERABILITY N+1

Author: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor

As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the […]

WHAT KIND OF SECURITY ASSESSMENT DO I NEED?

What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose […]

9 QUICK TIPS TO IMPROVE WEAK AUTHENTICATION

Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration […]

Has The OWASP Top 10 Been Effective For Web Applications?

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

OWASP just released a new Top 10 for 2013, updating the list of key web application security weaknesses to reflect the evolution of the highest risk vulnerabilities. While everyone loves a good top 10 list, the fundamental question I wrestle with is, has the OWASP Top 10 been […]

CVE-2012-6342: Atlassian Confluence – Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities

CVE-2012-6342: Atlassian Confluence
Product: Confluence
Vendor: Atlassian
Version: 3.0 / Current
Tested Version: 3.4.6
Vendor Notified Date: June 31, 2011
Release Date: September 19, 2012
Risk: Medium
Authentication: Depends on configuration.
Remote: Yes