Baptiste Assmann Baptiste Assmann | Feb 10, 2016 | SECURITY, TECH
One of the biggest security challenges that companies face in today’s modern climate is the POST attack. Unlike a more traditional “Denial-of-Service” attack, POST attacks target a servers logical resources – making them particularly powerful...
Baptiste Assmann Baptiste Assmann | Jun 9, 2015 | SECURITY, TECH
SSL/TLS and HSTS SSL everywhere is on its way. Unfortunately, many applications were written for HTTP only and switching to HTTPs is not an easy and straight forward path. Read more here about impact of TLS offloading (when a third party tool perform TLS in front of...
Baptiste Assmann Baptiste Assmann | Oct 15, 2014 | SECURITY, TECH
SSLv3 poodle vulnerability Yesterday, Google security researchers have disclosed a new vulnerability on SSL protocol. Fortunately, this vulnerability is only on an old version of the SSL protocol: SSLv3 (15 years old protocol). An attacker can force a browser to...
Baptiste Assmann Baptiste Assmann | Sep 30, 2014 | SECURITY, TECH
Bash Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) Last week, a vulnerability in bash has been discovered. It is possible, under some circumstances, to inject code into a bash shell script. It could be very dangerous if bash is used to process request...
Baptiste Assmann Baptiste Assmann | Jan 30, 2014 | SECURITY, TECH
SSL offloading SSL offloading or acceleration is often seen as a huge benefit for applications. People usually forget that it may have impacts on the application itself. Some times ago, I wrote a blog article which lists these impacts and propose some solutions, using...
Baptiste Assmann Baptiste Assmann | May 8, 2013 | SECURITY, TECH
Apache Cdorked.A backdoor This is a pretty recent attack, using Cpanel to change the Apache httpd binary by a compromised one which embeds a backdoor. A few articles with more details are available here: *...
