Entries by Adrian McLean

OWASP Top 10 Application Security Risks 2017

The OWASP Top 10 for 2017 is based primarily on 11 large datasets from firms that specialise in application security, including 8 consulting companies and 3 product vendors. This data spans vulnerabilities gathered from hundreds of organisations and over 50,000 real-world applications and APIs. The Top 10 items are selected and prioritised according to this […]

IT Security Incident but no incident response capability?

This is a list of the major steps that should be performed when an IT professional believes that a serious incident has occurred and the organisation does not have an incident response capability available. Document everything. This effort includes every action that is performed, every piece of evidence, and every conversation with users, system owners, and […]

Multiple Vulnerabilities in Apple Products

Multiple vulnerabilities have been found in Apple products that could allow for arbitrary code execution. Multiple vulnerabilities were uncovered in watchOS, iOS, tvOS, macOS, iCloud for Windows, iTunes for Windows and Safari, the most severe of which could allow for arbitrary code execution. watchOS is the mobile operating system for the Apple Watch and is based […]

IoT Attack Surface Areas

Attack Surface: Vulnerability

Ecosystem (general): Interoperability standards; Data governance; System wide failure; Individual stakeholder risks

Ecosystem Access Control: Implicit trust between components; Enrolment security; Decommissioning system; Lost access procedures

Device Memory: Cleartext usernames; Cleartext passwords; Third-party credentials; Encryption keys

Device Physical Interfaces: Firmware extraction; User CLI; Admin CLI; Privilege escalation; Reset […]

How to 301 Redirect All Requests on Google App Engine

We need two files to set this up: app.yaml is the configuration file for the app, and main.py is the redirect script.

app.yaml:

    application: your-app-name
    version: 1
    runtime: python27
    api_version: 1
    threadsafe: no
    handlers:
    - url: /.*
      script: main.app

main.py:

    import webapp2

    class MainPage(webapp2.RequestHandler):
        def get(self):
            # Send a permanent (301) redirect for every request to the target site.
            self.redirect("https://yourwebsite.com", permanent=True)

    # Route every path to the redirect handler.
    app = webapp2.WSGIApplication([
        ('/.*', MainPage),
    ], debug=True)