Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are used to establish connections between a client and server. TLS/SSL protocols underlie a significant portion of the communication conducted between computers. Vulnerabilities in TLS and SSL protocols arise from cryptographic failures
Security awareness assessments are an effective means of gauging your employees' susceptibility to clicking on suspicious links or engaging in less-than-ideal actions when it comes to handling received emails. While Maltek Solutions provides Security Awareness assessments, not every organization may have the budget to enlist an external resource. If you
Applications and environments are often only as secure as their weakest user account password. To prevent initial compromise from occurring through account takeover, it is common to enforce complexity, length, and renewal requirements for passwords across an application or network. When these requirements
We have been working closely with APIsec University and are excited to announce the release of the API Security Certified Professional (ASCP) examination. The ASCP exam is a practical, hands-on evaluation designed to test a participant's knowledge of API security vulnerabilities by identifying and exploiting weaknesses in the exam applications.
User Enumeration occurs on web applications when there are discrepancies in responses received from the application when sending a valid versus invalid username. User enumeration is typically found in authentication and password reset processes. When an authentication attempt on a web application fails,
Previously, we discussed the process of creating a Threat Map to identify ways in which attackers may target your organization and what you can do to begin mitigating those threats. The next step in your security journey is to conduct a Vulnerability Assessment. This process is an essential part of
While businesses are ever more connected to the outside world, they also face an increasing threat of cyberattacks. At the same time, IT security teams are under pressure to provide better protection while spending less on it. To meet these challenges, companies must move beyond perimeter-based security and look at
Password security is a critical aspect of our digital lives. With the ever-increasing amount of sensitive information stored online, we must protect ourselves from cyber threats by using strong, unique passwords for each of our accounts. However, remembering all of these passwords can be a challenge. Through our security engagements
There has been an increase in the number of scam emails originating from PayPal. In these instances, the target victim receives an email about a transaction that requires payment. The transaction usually lists some expensive item or items and is meant to invoke a sense of panic due to the
There's no question about it, PortSwigger's Burp Suite is the de facto tool for testing web applications for security vulnerabilities. It's far from a "fire-and-forget" tool, which means that it takes a lot of getting used to in order to make effective use of everything that the tool has to offer.
Too often, I've started a web application penetration test with one set of user credentials, a target application URL and it's off to the races. Not long after starting the test, it becomes apparent that I'll need at least one more set of credentials in order to properly test all