Application Security Inc: Ensuring Database Security

Application Security, Inc. (AppSecInc) has pioneered database security, risk, and compliance solutions for the enterprise. AppSecInc empowers organizations to assess, monitor and protect their most critical database assets in real time, while simplifying audits, monitoring risk, and automating compliance requirements. As the leading provider of cross-platform solutions for the enterprise, AppSecInc’s products – AppDetectivePro [...]

SQL Injection Attacks Skyrocket, Microsoft Attack Surface Analyzer Released and more

SQL injection attacks rose 69% in Q2, according to cloud provider FireHost. They saw almost 470k attacks in this quarter (as opposed to 277k attacks in Q1). The senior security engineer believes this is due to the lack of security involvement in many software development lifecycles. Via InfoSecurity Magazine, more here. Dropbox left itself open [...]

Passwords Suck: Learn about and use multi-factor authentication

Passwords suck. They are long, hard to remember (even if you have easier-to-remember phrases), more so when new, and are largely difficult for users to use properly. Combined with the fact that many users choose easy-to-guess or easy-to-ascertain passwords based off of commonly-known facts about themselves and that they will try all of their passwords [...]

An Analysis of A NASA Dbase Hack-and-Dump

[Editor's note: this analysis predates any official announcements by NASA] Recently, some news of a NASA hack-and-dump passed my Twitter deck. I decided after watching a few of my friends re-tweet the news that it might be worth checking out. At least I’d see if I could perform some password analysis on any dumped credentials, [...]

Only 18% of Software Apps Pass Security Tests

Over the past 18 months, almost 10,000 software applications from the government and private sector were submitted to Veracode’s online security testing platform for independent security auditing and 8 out of 10 failed to achieve an acceptable level of security on their first try. Veracode reached this conclusion by automatically checking submitted apps for over 100 types of flaws. [...]

Walking Through The Front Door: SQL Injections

Many corporations today have become dependent upon their websites. Where once websites were simply information portals or advertisements for their owners, they have transformed into something far greater. Today companies all over the world rely on their websites to log in remotely, provide news and information to employees and [...]