Report: Top 25 Most Dangerous Programming Errors

Posted: January 16th, 2009

The Information Security community has been buzzing this week with talk of the newly released CWE/SANS Top 25 Most Dangerous Programming Errors. The goal of the report is to identify not just the security vulnerabilities themselves (think OWASP Top Ten), but the underlying programming errors that create those holes.


Free tools to improve IIS security

Posted: May 28th, 2008

Here is a short and sweet list of free IIS security tools by Kevin Beaver @ TechTarget (he wrote the classic Hacking for Dummies). Port80’s HeaderCheck and other free HTTP analysis tools are mentioned in there as well (toot-toot goes the horn), but it is a useful list of tools. And free is nice, given […]


Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

Posted: April 28th, 2008

The recent wave of SQL injection attacks has made mainstream news, just in case you have not seen it: “Hundreds of Thousands of Microsoft Web Servers Hacked”. Jeremiah Grossman and others have made the point, accurately, that this is not a Microsoft IIS Web server issue, but rather that Web developers not adhering to security best […]

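To make concrete why the blame lands on application code rather than on IIS, here is an added example (not code from the original post or from any of the sites it discusses) showing the two query-building patterns side by side. It uses Python's built-in sqlite3 as a stand-in for the ASP-plus-SQL-Server stacks of the day; the table, rows, and the `' OR '1'='1` payload are constructed for illustration. The concatenated version accepts the tautology payload as a valid login; the parameterized version treats the same bytes as an ordinary (wrong) password.

```python
import sqlite3

# Constructed sample data for the demo, not from the original post.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory database with a minimal users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_concatenated_sql(username, password):
    """The vulnerable pattern: untrusted input spliced into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Login check built by string concatenation (deliberately vulnerable)."""
    row = conn.execute(build_concatenated_sql(username, password)).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both versions against a legitimate and an injected password."""
    conn = make_db()
    injected = "' OR '1'='1"  # classic tautology payload (constructed input)
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_injected": login_vulnerable(conn, "alice", injected),
        "safe_legit": login_hardened(conn, "alice", "s3cret"),
        "safe_injected": login_hardened(conn, "alice", injected),
        "vuln_sql_seen_by_db": build_concatenated_sql("alice", injected),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The `vuln_sql_seen_by_db` entry shows what the database actually parses: `... AND password = '' OR '1'='1'`, which is true for every row, so the first user is returned without a correct password. A Web application firewall can filter such payloads at the edge, but the durable fix is the parameterized form, which no server-side product can retrofit into the application for you.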