  • 18 Jan 2008

    My articles from this week

    Here are my information security articles from this week that you may be interested in.

    - Web application hacking: Inside the mind of an attacker
    - Cross-site scripting 101: XSS attacks plague Web browsers

    For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 21 Dec 2007

    My articles from this week

    Here are my information security articles from this week that you may be interested in.

    - Locking Down Today's Data Centers
    - Cracking passwords the Web application way
    - Basic SQL Server security principles you can't afford to miss

    For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 17 Oct 2007

    Don’t test your Web applications because they’re too critical…? What!?

    I can't tell you how many times I've come across network managers who choose to ignore their most critical business applications - all in the name of system uptime. I had a recent event that sparked this very post. The general perception is "We haven't tested our e-commerce/online banking/employee portal/fill-in-the-blank Web application for security vulnerabilities - we're afraid it may go down if it's hit too hard..." My initial ...

  • 07 Sep 2007

    How secure is your law firm’s extranet?

    Do you work for a law firm that provides a client Web portal that houses extremely sensitive case information (or other similar system that allows a client to manage their own data)? If so, chances are there are weaknesses in the system waiting to be exploited. Be it the commonly-used SharePoint or any other commercial or home-grown system, all it takes for someone with ill intentions to create a problem ...

  • 05 Sep 2007

    Why I love testing Web applications

    I get the question "What part of security do you like the best?" quite often. The first part of my response is always "security testing". Any given network has lots of weaknesses - regardless of how much it's locked down - and I love trying to find and point out all the flaws. [My wife used to say I was really good at pointing out other flaws, but I've since worked ...
