Security research, news and guidance

Yearly Archives: 2010

Virtual patching with mod security

December 3, 2010  |  Written by Security Ninja  |   Application Security, Data Loss   |   5 Comments

Hi everyone, As someone who is responsible for operational security I think that one of the biggest challenges I have to deal with is how to keep the systems and applications up to date with no service interruptions. It is not only a question of having good patching policies or procedures that dictate how you have to patch after a vulnerability is found in your platform. The time required to analyse the vulnerability, develop a … Read more >

Agnitio v1.0.0 released today

November 19, 2010  |  Written by Security Ninja  |   Application Security, Ninja News and Updates   |   5 Comments

Hi everyone, It has been around six months since I posted any information about the security code review tool I was developing so I thought it was time for an update. To be honest if you have read the title of this blog post you will know today’s blog is a bit more than just a progress update post! In April I showed you two images of a security code review tool which was about 25% … Read more >

Application Security Analyst job at Realex Payments!

November 12, 2010  |  Written by Security Ninja  |   Application Security   |   Leave a comment

Hi everyone, We don’t normally talk “business” on the Security Ninja blog but today is a bit different! We are expanding our security team and are now looking to hire an Application Security Analyst to work with myself and Angel Alonso. We are looking for someone who is genuinely passionate about security and helping us make sure security is part of everything we do at Realex Payments. The role we have advertised is a full … Read more >

Can you find the vulnerabilities? 2010 answers

November 5, 2010  |  Written by Security Ninja  |   Application Security, Ninja News and Updates   |   1 Comment

Hi everyone, I have to start this blog post with an apology; I should have posted these answers about a month ago! Thank you to James Robertson for reminding me about this! Killmonster – SQL Injection The Killmonster application has a SQL Injection vulnerability which allows users to bypass the user authentication check. The users of this application must provide a username and password to authenticate and do this by entering their credentials into a … Read more >

