Stuxnet Nuclear Explosion

Story: The Story of Stuxnet [01:40] In June 2010, an infected computer was discovered with an unknown strain of malware, a find that would end up kicking off a year-long investigation that redefined the term cyber warfare. While many of the anti-virus and security communities opted for sidelining research on the newly discovered malware dubbed Stuxnet by […]

Keeping Secrets Secret

OWASP #6 Preventing Sensitive Data Exposure – Part 3. This is part 3 of Sensitive Data Exposure (keeping secrets, secret). If you missed part 1 or part 2, which deal with properly storing user credentials and securing data at rest, you can read them independently. In this final part, we’re going to look at […]

Feature image of interview with Dave Rael

Dave Rael is a dedicated father and husband and a seasoned software professional. He specializes in building distributed systems and understanding problem domains, especially via Domain-Driven Design and Behavior-Driven Development. Outside work, he’s usually playing with kids, playing basketball, lifting weights, coaching youth sports, and enjoying dirty jokes. He blogs at optimizedprogrammer.com about writing software and getting […]

Hacked Login Form

Setting up SSL/TLS on sites has gotten easier and cheaper, but it has always been the Achilles heel for a lot of web developers. One of the most common problems is not serving the login landing page over HTTPS. Developers need to understand why it is important to serve the login landing page over HTTPS […]

Data Protection with Fingerprint

In part 1 we started the discussion about keeping secrets secret, which is the theme of the Open Web Application Security Project’s (OWASP) #6 most critical risk for web applications, sensitive data exposure. In that first part we discussed proper user credentials storage. In this part we will continue that discussion with a focus on encryption […]

Kevin Mitnick The Notorious Hacker

In everything we do, however creative, ingenious or cutting edge, there is always an ever-present historical flavoring that comes from the pioneers who came before us. I am talking about the trail blazers that have helped allow us to get where we are, or helped shape the […]

Black Wednesday

In the chaos that ensued from Operation Sony, the explicit attack by the hacktivist group Anonymous on the corporate conglomerate Sony, which mainly consisted of DDoS attacks on the Sony PlayStation Network (PSN), someone slapped Sony with the homage of “pwned” when they circumvented Sony’s network and made off with over 77 million user […]

Portrait Sijmen Ruwhof

Not all security analysts out there have a strong development background that helps them relate to the developer's perspective. But when security analysts do, it translates into their capabilities not only in how they approach their analysis, but also in their teaching and training of developers, you know, the ones writing the potentially vulnerable code? Well, I got […]

Avid Life Media hacker's message

In August of 2015, Avid Life Media, whose controversial cheating site Ashley Madison had been breached, received a stunning ultimatum from some unknown hackers: shut down various sites or face the consequences of having tens of gigabytes of customer information, source code, company emails and other sensitive data released to the public. Little […]

Hacker working at computer

In 2008 Heartland Payment Systems discovered it was the victim of a breach that equated to approximately 130 million credit cards stolen. At the time, it was the largest company breach, and it was the direct result of a SQL injection vulnerability found on the company’s website, established nearly 8 years prior. But the story actually […]
