This is Serge Truth's Typepad Profile.
Join Typepad and start following Serge Truth's activity
Join Now!
Already a member? Sign In
Serge Truth
Recent Activity
Applications can be protected from ShellShock and other similar vulnerabilities by following secure application development best practices that are used to prevent Command Injection vulnerabilities. ShellShock is a special type of Command Injection. What makes ShellShock different from other Command Injection vulnerabilities is that it is caused by using a... Continue reading
Posted Oct 9, 2014 at Application & Cyber Security Blog
Code Injection vulnerabilities are often easy to exploit and because they allow attackers to execute arbitrary PHP code using the application’s own privileges, they can result in a lot of damage. They are typically exploited to upload some kind of backdoor to the application server. Once the backdoor has been... Continue reading
Posted Jan 9, 2014 at Application & Cyber Security Blog
Command Injection vulnerabilities are extremely dangerous, often easy to exploit, and give attackers the ability to execute operating system commands with the privileges of the web application user. These properties allow Command Injection to be scaled up to build botnets, so it is very important to take measures to prevent... Continue reading
Posted Dec 19, 2013 at Application & Cyber Security Blog
One of the most effective overall application security controls is input validation, which checks user input to determine if it is valid data. For example, an input field for a person's first name might reject the string "';DROP TABLE users" as invalid because it doesn't meet the criteria defined as... Continue reading
Posted Nov 21, 2013 at Application & Cyber Security Blog
An important step in hardening the PHP environment is configuring the php.ini file properly and disabling functions that may be useful to an attacker but not necessary to the application. However, make sure that PHP is patched at least to version 5.4.0 because major security-relevant changes have been made beyond... Continue reading
Posted Oct 31, 2013 at Application & Cyber Security Blog
PHP is the most commonly used web application framework and the level of security it provides is often debated. However, what is factual is that it has no default security mechanism. Identical PHP applications are often widely deployed, so a vulnerability in a single application can result in a large... Continue reading
Posted Oct 8, 2013 at Application & Cyber Security Blog
What to Check For Ensure that accounts are locked after consecutive failed login attempts. Why Multiple, consecutive failed authentication attempts over a short period of time are a symptom that is used to detect when an account is under attack. Locking out the account prevents the attacker from compromising and... Continue reading
Posted Oct 4, 2011 at Application & Cyber Security Blog
Serge Truth is now following The Typepad Team
Sep 26, 2011