Monthly Archives: October 2007
Myth Buster II: We’ve Never Been Hacked
“We’ve never been hacked.” Those words are generally what let IT people sleep at night (or take long breaks to go play Guitar Hero). While it gives everyone a nice warm, fuzzy feeling like a lolcat, how would you know that it is true? Cause you haven’t had a customer complain about a strange transaction? [...]
Myth Buster I: Input Validation is a Panacea
Till a couple of years ago, the input validation wand could be waved to solve almost any application security flaw – XSS, SQL Injection, Response Splitting, and the list goes on. That made it easy to become an application security consultant. If you could chant the “Input Validation” mantra you would be right most of [...]
Mobile Security: Passwords (you are still the weakest link)
Here at Intrepidus Group, we do a lot of mobile application security reviews. Much like standard web application reviews, some clients consistently turn out very secure apps. However, some apps have a detailed finding list longer than a copy of War and Peace. One trend can often be seen across applications regardless of the client’s [...]
Baiting the Hook, Sneak Peek at PhishMe.com
If you’ve been noticing a little silence on the blog recently, it’s been because a lot of the ranting has been going into developing what we think is a great anti-phishing user awareness tool. Take a peek at our main site at www.PhishMe.com. Conducting ethical phishing attacks has never been easier. User awareness will be [...]

