Tag Archives: vulnerabilities

VULNERABILITY N+1

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR As Americans, we love lists.  That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).”  The love of lists is rooted deeply in our culture. We loved the Top 40 […]

9 QUICK TIPS TO IMPROVE WEAK AUTHENTICATION

Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration […]

Has The OWASP Top 10 Been Effective For Web Applications?

Author: Todd Becker, PCI QSA, ISO 27001 Auditor OWASP just released a new Top 10 for 2013, updating the list of key web application security weaknesses to reflect the evolution of the highest risk vulnerabilities. While everyone loves a good top 10 list, the fundamental question I wrestle with is, has the OWASP Top 10 been […]

CVE-2012-6342: Atlassian Confluence – Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities

Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes