Not too long after Amazon launched their cloud protection WAF the Microsoft Azure Web Application Firewall (WAF) has been made generally available in all public Azure DCs. It’s a good move with the majority of websites and services moving into one of the big 3 cloud providers (AWS, Google or Azure) and the vast majority […]
Tags: azure, azure firewall, azure security, azure waf, cloud, cloud security, microsoft azure, waf, web application firewall
Posted in: Countermeasures, Web Hacking | Add a Comment
So, Agile Security? How does it fit into the new age of rapid iteration, continuous integration and continuous development? It’s an interesting discussion and personally very on point for me as I operate in an agile organisation and just today took (and passed yay me) my Scrum Master certification. The traditional silo approach of security […]
So this leak has caused quite a furore, normally I don’t pay attention to this stuff – but hey it’s JLaw and it’s a LOT of celebs at the same time – which indicates some kind of underlying problem. The massive list of over 100 celebs was posted originally on 4chan (of course) by an […]
This is a pretty interesting story, and an interesting use (or mis-use) of cloud resources. We’ve covered similar stuff before like the case when Yahoo! was Spreading Bitcoin Mining Botnet Malware Via Ads, and then more recently when the Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet. But this time it’s not malware based, […]
Tags: bitcoin, bitcoin mining, bitcoin mining botnet, bitcoin mining cloud, cloud mining, cloud security
Posted in: Network Hacking, Web Hacking | Add a Comment
There’s been a LOT of noise about this incident in the past day or two, the very definition of a cloud nightmare. Git/SVN & Project Management SaaS Code Spaces has been hacked and completely deleted by a hacker. It started off with a large scale DDoS attack (the likes of which Feedly and Evernote have […]
Security researches from the Polish firm Security Explorations have released a massive slew of PoC code and technical details on 30 Oracle Java Cloud Service Vulnerabilities. It seems like they had already reported them to Oracle, but weren’t happy with how things were handled, so have decided to go public with the weaknesses. They gave […]
Over the last couple of years Cloud Computing has started gaining some real leverage, it’s being deployed on a wide scale, it’s becoming more affordable and the platforms supplying such services are becoming more stable. Of course the natural progression of this wider adoption is the focus of the security community and naturally the bad […]
With the paradigm shifting, especially for high traffic or high availability web applications, towards cloud computing – will Cloud Security become the next big thing? We’ve already seen how you can use a cloud platform like Amazon EC2 for password cracking. So with a lot of companies moving to 3rd party cloud platforms, I’m sure […]
Tags: cloud computing, cloud computing security, cloud hosting security, cloud security, cloud security scanning, fortify, fortify 360, fortify readiness scorecard, fortify software, infrastructure security, readiness scorecard, Web Hacking, web-application-security
Posted in: Network Hacking, Web Hacking | Add a Comment
