This article explores how you can locate Insecure direct object references (IDORs) using Burp Suite. Primarily, there are two ways to test the IDOR flaw, manual and semi-automated. For automation, this article focuses on the Autorize Plugin in Burp Suite.
Malicious actors always try to be creative and find new ways to trick people into a scam. In this case a new website is offering 75% discount on all Timberland shoes. The information looks almost identical to the original page, but when looking closer questions start to pop.
I enjoy being editor and managing this blog so much, I thought I'd share some of the best blogs of 2021. 2022 is right around the corner, but it's also a good time to look back at some 2021 highlights!
Defense strategies have evolved as hackers have changed their schemes, and one new approach companies are putting into practice for their security plan is data-centric security. Older security models focused on network infrastructure and hardware security controls while data-centric security concentrates on the data itself. This means data should be secure at all points regardless of where it is stored, processed, or where it is in transit.
In the last 18 months, many people have learned a lot about themselves. The solitude of lockdowns, isolation, remote work, and seemingly endless video meetings have taxed everyone’s mental health. One would think that cybersecurity would have been unaffected by these shifts in working environments and habits. After all, many of us are introverted by nature, which is one of the reasons often cited as why we gravitated towards technology as our chosen path.
Log4Shell is a high severity vulnerability (CVE-2021-44228) impacting Apache Log4j versions 2.0 to 2.14.1. It was discovered by Chen Zhaojun of Alibaba Cloud Security Team and disclosed via the project´s GitHub repository on December 9, 2021.
The holiday season is a hectic time for businesses but this year has brought additional challenges in supply chain delivery and staffing shortages. Yet spending is still expected to increase, and businesses must be prepared to capitalize on this holiday season and close out the year strong. Endpoints can play a vital role this holiday season by providing visibility into inventory levels, allowing self-service transactions, and granting access to critical business applications.
In 2020, I published an AT&T blog called “Top Cybersecurity Trends & Predictions for 2020’”. In the article I had forecasted that cybersecurity would become even more of a strategic priority for companies as the cost, sophistication, and lethality of breaches would continue to rise.
Retailers around the world are preparing for a chaotic holiday season. Supply chain disruptions are causing issues, and the ongoing COVID-19 pandemic is something retailers need to keep in mind, especially when operating a brick-and-mortar location. Another pressing issue that retailers of all sizes need to address before the peak of the holiday season is the risk of facing a cybersecurity crisis.
The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM.
Recently I received a call on my personal cellphone. The call started out as many do; with a slight pause after I answered. Initially I assumed this pause was caused by whatever auto-dialer software the spammer was using to initiate the call before their text-to-speech software starts talking about my car’s extended warranty. Once the pause was over, however, I was surprised by a very human voice.
