Articles tagged with SECURITY

OWASP Top 10 and your Recruitment Website - Part 1
8:30am Monday 09 August 2010
Tags: user authentication website security form design hacking login session management broken authentication cross-site scripting xss sql injection owasp job board recruitment website security dmitry kulshitsky
OWASP has recently updated its list of the top 10 most prevalent security vulnerabilities. Since this list covers all major aspects of computer security, it is interesting to check which of these issues are relevant to a typical recruitment website or job board and (exercising the 80/20 rule) which key questions we should ask ourselves (or our IT/security staff) to be sure that we don't miss anything critical.

You Are Here!
1:58pm Monday 28 June 2010
Tags: geolocation foursquare geolocation api google maps candidate stalking location services api html5 security online recruitment
Soon, all browsers will support the HTML5 Geolocation API by default. Geolocation is the core function behind sites like Foursquare, which can work out where you are located. I have previously talked about using Geolocation services for sourcing or stalking candidates, but it does have some other uses in online recruitment.

Is your job board PCI DSS compliant?
8:30am Monday 07 June 2010
Tags: mastercard visa security credit card payments data security standard payment card industry compliance job board pci dss pci dss access controls
The most common method job boards use to accept payments is via a credit card. If you accept, process or store credit card information, you have to accept the responsibilities of being PCI compliant.

Please review my CV - Trojan Horse
10:35pm Tuesday 11 May 2010
Tags: candidate resume trojan sasfis trojan horse security resume virus antivirus software recruitment website job board resume virus
Do you virus scan all candidate resumes and other documents before you open them? Chances are YOU may be the perfect candidate these people are looking for.

Are you using WordPress for your Recruitment Website? Check your security
12:01pm Monday 19 April 2010
Tags: wordpress job board software web application security database password network solutions directory listings insecure software hack wordpress recruitment website wordpress security
Do you use WordPress? Are you aware of the security implications around the software? Over the past week, thousands of WordPress websites have been compromised, with malicious code inserted into the database.

How secure is your Recruitment website? Part 5 - Cross-site scripting (XSS)
8:00am Tuesday 30 March 2010
Tags: dmitry kulshitsky defacement how secure is your recruitment website security job board insecure recruitment websites xss cross site scripting untrusted data
According to OWASP, cross-site scripting (XSS) flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute script in the victim's browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

jobs.govt.nz igovt login system
5:30pm Tuesday 15 December 2009
Tags: user authentication identity management systems identity theft user system password username mycareer fairfax digital security facebook connect openid ivs government jobs jobs.govt.nz government new zealand government identiy verification system igovt login igovt
Over the past few years, the New Zealand government has been working on a single all-of-government logon service (igovt) and identity verification service (IVS). This will allow users to use the same logon details to access all participating government service providers' online services.

Rejecting Candidates based on IP Address
2:48pm Friday 30 October 2009
Tags: job site job board migration pay for performance overseas candidate candidate rejection security discrimination ip blocking ip address rejection candidates
We now rely on using technology in the recruitment process more than ever. But should we place 100% of our trust in rejecting candidates based solely on their IP address?

Is your Job Site redirecting Candidates to insecure websites?
5:30pm Wednesday 07 October 2009
Tags: vulnerability sql injection privacy mysql exploit encryption email database phishing blacklist malware md5 hash php script security safety recruitment website job board google safe browsing api hacking api identity theft
Have you ever clicked on what you thought was a safe website URL and then all of a sudden your browser/antivirus software blocks the webpage? Every day, I am alerted to yet another recruitment website falling victim to some sort of security incident. If you own or manage a website, YOU are responsible for your website's security and have an implied "duty of care" to provide safe 3rd party links.

How secure is your Recruitment website? Part 4 - SQL Injection
11:17am Wednesday 19 August 2009
Tags: identity theft database security apostrophe hack testing job search form insecure sql injection malicious code recruitment websites job board security hacking
Database security is a huge issue at the moment: imagine having your whole database stolen and distributed to your competitors, or used for identity theft. SQL Injection attacks present a serious threat to the security of a recruitment website, and it is essential that adequate countermeasures are taken to prevent such an attack from being successful.

My job site has been hacked. What do I do?
10:16pm Sunday 05 July 2009
Tags: drupal wordpress security breaches recruitment website information security privacy.gov.au defacement personal information hacking insecure malicious code job board security google webmaster tools damage control
If you think your website is safe, think again. Over the weekend 6 job sites were hacked and defaced. One of the first things that comes to my mind when I see that horrible "You've been hacked" message is... I wonder what information has been stolen? Passwords, contact details, resumes, credit card/banking details, etc.

How secure is your Recruitment website? Part 3 - Hidden iframe injection
6:06pm Thursday 18 June 2009
Tags: hacking security job board recruitment websites malicious code iframe injection hrcareers.com.au ahri virus insecure twitter malware
A new malware attack has been making the rounds recently. It has infected a number of recruitment web sites, job boards and hosting servers. If you suddenly find that your website is triggering your anti-virus software and being flagged as a "dangerous site", the culprit may be the hidden iframe injection hack.

How secure is your Recruitment website? Part 2 - URL Manipulation
1:20pm Saturday 06 June 2009
Tags: url hacking url manipulation security hacking recruitment website job board insecure url rewriting
URL manipulation is a common issue faced by all database-driven sites such as job boards, resume databases, blogs or any other site where parameters are passed via the URL. By manipulating certain parts of a URL, users may be able to access files they are not supposed to have access to.

How secure is your Recruitment website? Part 1 - Server Directory Listings
9:08pm Thursday 28 May 2009
Tags: server directory listings monster careerone insecure job board recruitment website rcsa hacking security
Every day, I am informed of another insecure recruitment website. How could this still be possible? The economic downturn has led to an increase in data theft, with recruitment agencies among the easiest targets. Information is an asset that, like other important business assets, has value.

HTML Special Character #39 - The Apostrophe
11:23am Friday 15 May 2009
Tags: absolute archijobs clements dfp recruitment greythorn jobsjobsjobs jobs.co.nz jobspeed legal jobs centre linkme ross human directions scott recruitment talent2 apostrophe html special characters job board recruitment agency online recruitment search form testing security hacking
If you do not encode special characters in web forms, you run the risk of breaking the search query or allowing malicious code to be inserted into the database. Hackers can infiltrate your website, potentially stealing confidential data or deleting the database. I am not going to go into the technical reasons why this happens, but in most cases it is a very easy fix.

RCSA website security will become an industry nightmare
3:48pm Thursday 05 February 2009
Tags: phishing scam online recruitment privacy test hacking security rcsa rcsa.com.au drupal database
We have uncovered various security errors with the new RCSA http://www.web.rcsa.com.au website within 5 minutes of playing with it. Originally set for release in Oct 2008, the question now is: when, if ever, will it be released? We reported on finding the test site back in Dec 2008 in "Reminder to all... Do not put your test website online" http://www.recruitmentdirectory.com.au/Blog/reminder-to-all-do-not-put-your-test-website-online-a27.html

What is OpenID and how can we use it?
11:37pm Sunday 01 February 2009
Tags: website design openid.net online recruitment security password username openid
OpenID http://www.openid.net is a decentralized, lightweight protocol for single sign-on and portable identity that is causing a massive transformation in today's internet. More than 25,000 Web sites currently accept OpenID, with double digit month over month growth. If you know of any recruitment sites that are accepting OpenID please let me know.

Monster hacked again plus information on security terminology
8:19pm Wednesday 28 January 2009
Tags: tips audits denial of service attacks phishing testing security hacking monster spyware malicious ere.net
It has been widely reported online, and readers would know by now, that Monster http://www.monster.com websites have been hacked. Confidential information has been downloaded, maybe malicious scripts have been uploaded, who knows what else has been done. But the question is... WHY? Why has the site been hacked in the first place? We understand that Monster has recently undergone a site upgrade, but still, that's NO EXCUSE for not protecting confidential information. Let's look at common terminology for the types of computer security incidents and computer security evaluation methods.

Was the NSW Government Job Board Hacked?
8:34pm Monday 26 January 2009
Tags: online recruitment hacking nsw government job board scam security
The news is currently reporting that the NSW Government's Job Board http://jobs.nsw.gov.au website has been hacked. The site is currently offline and undergoing security testing and maintenance. Am I surprised by the lack of security around job boards and recruitment websites? No, no, no!!!

Become an expert on your competitors
12:45am Thursday 15 January 2009
Tags: rcsa competitors rentacoder ambush marketing online marketing security test destination talent
In business, having competitors goes with the territory. There's almost always someone selling the same product or service you are selling, or at least trying to solve the same customer problem you solve.

Secure your website!!!
8:00pm Monday 15 December 2008
Tags: security hacking rcsa shortlist
How many times do you have to tell people that your website MUST BE SECURE?? I have reported this previously to the owner of this leading Recruitment Agency, but it has STILL not been fixed. LISTEN... this is very important and MUST be a top priority, no matter what the cost is. Not only are your directory listings turned on, but you have also exposed your server and database username/password!!!