Article Search Engine
Articles tagged with INSECUREHow secure is your Recruitment website? Part 5 - Cross-site scripting (XSS)8:00am Tuesday 30 March 2010
Tags: dmitry kulshitsky defacement how secure is your recruitment website security job board insecure recruitment websites xss cross site scripting untrusted data According to OWASP, cross-site scripting (XSS) flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
read more...How secure is your Recruitment website? Part 4 - SQL Injection11:17am Wednesday 19 August 2009
Tags: identity theft database security apostrophe hack testing job search form insecure sql injection malicious code recruitment websites job board security hacking Database security is a huge issue at the moment - imaging having your whole database stolen and distributed to your competitors or being used for identity theft? SQL Injection attacks present a serious threat to the security of a recruitment website and it is essential that adequate countermeasures are taken to prevent such an attack from being successful.
read more...My job site has been hacked. What do I do?10:16pm Sunday 05 July 2009
Tags: drupal wordpress security breaches recruitment website information security privacy.gov.au defacement personal information hacking insecure malicious code job board security google webmaster tools damage control If you think your website is safe, think again. Over the weekend 6 job sites were hacked and defaced. One of the first things that comes to my mind when I see that horrible “You’ve been hacked” message is… I wonder what information has been stolen? passwords, contact details, resumes, credit card/banking details, etc.
read more...How secure is your Recruitment website? Part 3 - Hidden iframe injection6:06pm Thursday 18 June 2009
Tags: hacking security job board recruitment websites malicious code iframe injection hrcareers.com.au ahri virus insecure twitter malware A new malware attack has been making the rounds recently. It has infected a number of recruitment web sites, job boards and hosting servers. If you suddenly find that your website is triggering your anti-virus software and flagging it as a “dangerous site”, the culprit may be the hidden iframe injection hack.
read more...How secure is your Recruitment website? Part 2 - URL Manipulation1:20pm Saturday 06 June 2009
Tags: url hacking url manipulation security hacking recruitment website job board insecure url rewriting URL manipulation is a common issue faced in all database driven sites such as job boards, resume databases, blogs or any other site where parameters are passed via the URL. By manipulating certain parts of a URL, users may be able to access files they are not supposed to have access to.
read more...How secure is your Recruitment website? Part 1 - Server Directory Listings9:08pm Thursday 28 May 2009
Tags: server directory listings monster careerone insecure job board recruitment website rcsa hacking security Every day, I am informed of another insecure recruitment website. How could this still be possible? The economic downturn has lead to an increase in data theft, with recruitment agencies one of the easiest targets. Information is an asset that, like other important business assets, has value.
read more...
