Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Author

Bishop Fox Instructors & John H. Sawyer
Facebook
Twitter
LinkedIn
RSS
E-Mail

Profile of Bishop Fox Instructors & John H. Sawyer

Consultant
News & Commentary Posts: 5

John H Sawyer, Senior Security Analyst, InGuardians
John H Sawyer is a Senior Security Analyst with InGuardians, where he specializes in network, mobile, and web application penetration testing. John has an extensive background in intrusion analysis, forensics, and incident response. He has consulted with federal, state, and local law enforcement agencies on malware analysis, hacker attacks, and digital forensics. He is also a respected author and public speaker. John currently writes for Dark Reading and InformationWeek Magazine.

Bishop Fox Instructors
Bishop Fox is a global security consulting firm. We are the trusted advisors to the Fortune 1000, financial institutions, and high-tech startups – helping to secure their commerce, data, IT infrastructure, and intellectual property. Founded in 2005, our team is made up of dedicated individuals with a combined 400+ years of experience working in both corporate America and global security.

For more than a decade, Bishop Fox profes­sionals have been authoring best-selling secu­rity books, such as Web Application Security: A Beginners Guide, Hacking Exposed: Web Applications 3rd Edition, and Hacking Exposed: Wireless, 1st and 2nd Editions. Having actually "written the book" on many topics in our field, we consistently demonstrate that few others can truly claim subject matter expertise in the same way that we do.
Articles by Bishop Fox Instructors & John H. Sawyer

Protecting the Customer-Facing Website

10/2/2014
One of the greatest challenges in e-commerce is to build a website that is extremely easy for customers to access and use – but extremely difficult for online criminals to attack. In this session, we offer an overview of defenses against Internet-based threats -- including DDoS attacks, DNS exploits, and cross-site scripting – to help enterprises steel their sites against potential compromise.
Post a Comment

Protecting Back-End Systems

10/2/2014
Most attacks on retail and e-commerce websites are conducted by cyber criminals who want to steal large databases of personal information and credentials. In this session, we offer a closer look at the methods used to penetrate a retailer’s back-end systems – including targeted attacks on databases, DDoS “smokescreens” used to obfuscate more sophisticated exploits -- and other surprises that can happen during a DDoS attack.
Post a Comment

Protecting Performance from Traffic Spikes

10/2/2014
One of the great ironies of e-commerce is that online system security is usually at its weakest during the most critical time periods, such as the holiday shopping season. In this session, we provide counsel on the preventative and the operative measures that can be taken when traffic is at its highest – and system and human resources are stretched to the maximum.
Post a Comment

Understanding Retail Threats and Fraud

10/2/2014
To develop an effective defense against online threats, an e-commerce company must understand its attackers and their methods. In this session, we outline the various types of attackers who target online commerce, including those who prey on the corporate website and those who prey upon the customers themselves. We offer an inside look at the bad guys behind recent attacks on retail websites, as well as a discussion of fraudsters who scam customers into giving up personal information and online credentials.
Post a Comment

Monitoring Threats and Measuring Risk

10/2/2014
Once an online business has shored up its defenses against new threats, it must develop an ongoing program for monitoring its systems for potential compromises – and measuring the risk faced by the business. In this session, we offer tips for building systems and processes for tracking threat and fraud indicators, and for creating real metrics for benchmarking the current threat environment.
Post a Comment
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15864
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...