After reading the title you may say to yourself “Oh no, another <<secure login script>> article! Aren’t there enough already online?”. Yes, there are, but unfortunately many tutorials (if it’s appropriate to call them that) only show you how to write code free of SQL injection. But that isn’t enough. What about brute-force (dictionary, hybrid) attacks? Or how about making your admin panel (user panel) CSRF-free? Well, this article will try to deal with those issues too.
(continue)
Hopefully you have noticed that, on a daily basis, more and more of our (users’) privacy is shamelessly stripped away by almost every website out there.
And so you don’t think I am being hypocritical, I admit that I also strip away a part of your privacy, with the simple Google tracker I have inside my web pages… but for those that do care about their anonymity this is not an issue.
(continue)
Today DamnVulnerableLinux version 1.5 was released, a Linux distribution that offers a learning environment directly out of the box.
(continue)
How many times have you checked a web application of yours with a security auditing tool?
I can tell you that I did it a couple of times. And as usual it always hit me with the same warning: ‘the login information is sent in plain text to …php’, or something of the sort.
(continue)