Using a man-in-the-middle (MITM) style attack and some packet manipulation, you can hack any Microsoft SQL Server and set up shop.
Digging Deeper – Striking Gold in Penetration Testing
Sometimes automated scanners cannot detect subtle vulnerabilities embedded deep inside scripts. It pays to dig a little deeper to strike vulnerability gold.
Illusions of Information Security – The Struggle for Truth
In October 1995, I finally found my calling. What I found was SQL Injection, perhaps the most prevalent web site hack still alive and well twenty years later. However, what I discovered was that my calling is not about hacking websites, but rather hacking humans.
Anatomy of a Hack: Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery is a common vulnerability that many web application scanners can miss. In this real-world example, Anitian demonstrates how multiple CSRF attacks can be chained together to create a more serious attack.
Enough with the Stunt Hacking
The time has come for the information security profession to reject stunt hacking such as the sensational car hacks that Charlie Miller and Chris Valasek performed.
PCI Compliance for the AWS Cloud
Anitian’s Workbook for PCI Compliance in the AWS Cloud takes the guesswork out of making your AWS infrastructure PCI DSS compliant.
The Battle for Endpoint Security Begins (Again)
Anti-virus may be dead, but endpoint security analytics is young, healthy, and about to pop up on your task bar in the near future.
Can Security Analytics Replace Humans?
The dream of a “self-defending” network has been alive for a decade. However, recent advances in Security Analytics technologies portend the possibility of a future where humans are removed from incident response.
PCI 3.0 Secure Authentication Requirement
The new PCI 3.0 introduces a subtle but important new requirement addressing secure authentication and session management for web applications.
The Fatal Flaw in IT Risk Management
The spate of high-profile data breaches has, if nothing else, proven that organizations are managing risk poorly. Part of the blame for that lies in a fundamentally flawed way that companies gather risk data. With the growing use of GRC portals, there is a reliance on questionnaires and surveys to gather risk data. This approach is generating flawed data and, subsequently, flawed risk management.