Explore our latest blog posts and stay secure in a digital world.
Recently, I was trying to use my previously automated Nessus Automation scripts and detected they aren’t working on latest Nessus 5.2 XMLRPC.Last time, I automated network scanning tasks using XMLRPC in Perl but strange it did not work anymore with Nessus 5.2.
Now a days, I get very curious to look at view-source of website where Facebook’s Like button is embedded. But why should I do this? Isn’t facebook Like button trusted? This is right.. Huh!!! The answer is NO. If there is a mismatch in the domain (you are visiting) and facebook’s Like button then there is surely a problem and it is a spam page.
The next step is to configure ModSecurity with OWASP CRS (Core Rule Set) rules.
Cross Site Request Forgery is one of the most happening attacks over the internet today. The attackers find it easy to exploit as it does not require any authentication information, session cookies but only require the user to be authenticated to the application. And this works on every platform.
Pentesting thick client applications is not a new concept instead the techniques adopted are new and interesting. I’m a bit lazy on explaining what thick client apps are, please refer here for more info. GTalk, Pidgin, Skype, MSN are few examples of thick client applications.
We were motivated to write about it when few of our clients just instantly asked us about blocking all known malicious web attacks at web server level itself. We quickly suggested them an open source, reliable WAF solution that suffice to their requirement. Obviously, just installing WAF does not mean that you do not need application security controls.
In the process of automating network scans for large networks there is a necessity to automate Nessus scans as well. The major advantage and most important point of this automation is that it allows you to do a Schedule scan in Home Feed version (which is only available in Pro feed) and the easiest part is your scans would run as if you are running from your Nessus web interface client.
Security study has again proved that most of the web application security attacks (approx 85% as per Gartner and NIST) are generated from application layer. It has always been a challenge for developers to validate parameters in URL, HTTP header, HTP request and non-editable fields on the page.
Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!