by Bhaumik Shah | Apr 3, 2018 | InfoSec Strategies
File inclusion vulnerabilities, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) are most commonly found in web applications running PHP scripts, but also frequently occur in JSP, ASP and other code. They allow an attacker to submit input to the...
by Bhaumik Shah | Mar 22, 2018 | InfoSec Strategies, Penetration Testing
If your development teams have moved away from a waterfall approach to a more modern agile or DevOps methodology with frequent releases or continuous integration, how can you ensure and verify application security with just the “traditional” annual penetration...
by Taylor Smith | Mar 13, 2018 | InfoSec Strategies
As malware changes over time in function, scope, and impact, researchers see different trends rise and fall as development of various kinds of malicious software “matures.” While 2017 seemed to be the year of ransomware, 2018 looks like it is going to be dominated by...
by Feather Bokker | Feb 20, 2018 | InfoSec Strategies
ISO 27001 and other security frameworks generally mandate, in one form or another, a risk treatment plan. Let’s take a look at the three biggest reasons why the experts think a risk treatment plan is so important. 1. Your Business Activity Always Introduces New Risks...
by Bhaumik Shah | Feb 13, 2018 | InfoSec Strategies
Enabling users to upload images, videos, documents and all manner of files is essential for many web applications, from social networking sites to web forums to intranet collaboration portals to document repositories to blog sites. But allowing users to upload files...
by Taylor Smith | Feb 1, 2018 | InfoSec Strategies
Security researchers at the Romanian cybersecurity and antivirus software vendor Bitdefender have spotted what looks like the most sophisticated and potentially deadly botnet yet—possibly signaling a change in how malicious botnets will now be utilized by cyber...
