February 2009 - The HP Security Laboratory Blog
Scrubbr - New Stored XSS Finder
Aspect Security has just released, through OWASP, a new tool called "Scrubbr". Scrubbr is a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS...
Published 02-23-2009 4:56 PM by Chris Sullo. Filed under: worm, Malware, XSS, JavaScript, Input Validation
Attacks on U.S. government computer networks are on the rise
According to 'federal records', there was a 40% increase in attacks on U.S. government computer networks last year. That's a really raw number, especially when considering the number of 'successful' attacks isn't released, only...
Published 02-18-2009 9:37 PM by mark.painter
The security industry should hold itself to higher standards
At a previous job I worked on the application testing side of web security—breaking in-house/contract built applications, commercial off-the-shelf (COTS) applications, appliances, and partner’s sites (which were built with all of the above). While most...
Published 02-13-2009 8:15 PM by Chris Sullo. Filed under: vulnerabilities
Use protection (and common sense) this Valentine's Day
Cupid's arrow might have a little more sting than usual this year. Hackers are getting better and better at masking their intentions and taking advantage of people's desires, whether that's for love, friendship, or just something to read on...
Published 02-13-2009 6:25 PM by mark.painter
Prajakta Jagdale at ShmooCon: Blinded by Flash - Widespread Security Risks Flash Developers Don't See
ShmooCon begins today in DC, and as usual, they have lined up an informative and topical schedule of security talks. The HP Web Security Research Group's own Prajakta Jagdale is scheduled to speak on Saturday at 2pm about the security of applications...
Published 02-06-2009 8:36 PM by mark.painter. Filed under: Shmoocon, Prajakta Jagdale, Flash
Educating the Masses About Security
In my last post I talked about zombies and warnings and such (and, ok, a little bit about security). I'm not too surprised at the press the sign changing is getting, since traffic and driving are things the vast majority of us deal with. However,...
Published 02-06-2009 6:35 PM by Chris Sullo. Filed under: Password Security, Information Disclosure