# Vulnerability Management

Recent Posts

By Jenny R
Aug 14, 2022

Session Management Attacks - Part two

This article is the second part of the Session Management topic. The focus is on prevention practices, with one particular example of inactivity timer implementation!

By Wilson Corbett
Aug 12, 2022

Vulnerability Scanners 101: The Basics of Vulnerability Scanning

Storing data on an organization’s network is not an easy feat. Companies want their network as secure as possible, identifying loopholes and weak points to uncover and address vulnerabilities that cyber attackers can exploit. This need for protection is where Vulnerability Scanners enter the picture.

By Kent Weigle
Aug 12, 2022

CISAnalysis 12 August 2022

Zimbra Collaboration is back on CISA's shi... I mean Known Exploited Vulnerabilities Catalog. Today's theme is remote code execution without authentication.

By acephale 4w
Aug 12, 2022

Cybersecurity Awareness

Most common types of attacks. Social engineering, phishing. Ransomware.

By Paul Lighter
Aug 12, 2022

The UK’s Interesting (and Important) Strategy for National Cybersecurity

As cybersecurity increasingly becomes a national security issue, the UK approach stands out for several reasons that everyone (public and private sectors) can learn from.

By acephale 4w
Aug 11, 2022

Security Tools – Pt. 2

More security tools, and other resources.

By acephale 4w
Aug 11, 2022

Threat Intelligence - Basics

Basics about TI - Threat Intelligence, and a brief overview of Abuse.ch - a TI community platform for analysts and other security professionals.

By Jenny R
Aug 10, 2022

Session Management Attacks - Part One

In this first part of the Session Management, I have given the introduction to the topic as well as the implementation of Cookie Service and Session Storage Manager.

By acephale 4w
Aug 10, 2022

Security Tools – Pt. 1

An overview of some useful tools in the Cyberspace.

By acephale 4w
Aug 10, 2022

Primer on SQL Injection

A short primer on SQL Injection - SQLi; what is SQLi and what are some of the most common types of SQLi.

By John Kilhefner
Aug 09, 2022

Analyzing the Quantum Threat

This isn’t just another “next step” of computing… The application of emerging quantum computing tech in the cybersecurity industry will result in arguably the most significant disruption the world has ever seen. Just how can a new evolution of computing do all this? Through the strange world of quantum mechanics.

By Michael Assraf
Aug 08, 2022

An Origin Story: vsociety

Welcome to vsociety – the open, independent, and user-centered community with features built specifically to make vulnerability research shareable and actionable at scale. We don't make many self-posts, but wanted to share our origins with you...

By M /
Aug 08, 2022

Exploiting Google SLO Generator with Python YAML Deserialization Attack

In this blog post, we will be detailing a new vector to exploit a vulnerable version of Google SLO Generator, a widely used Python library publicly available on GitHub. In other words, we will be searching for an older version that we can exploit to highlight the importance of keeping software packages up to date.

By John Kilhefner
Aug 08, 2022

Blockchain Security -- The New Threat. Part 1.

A new threat is on the horizon. And this new paradigm promises to be the most profound shift for security professionals since the dot-com boom of the nineties. I’m talking about blockchains and decentralized economies in the 2020s. To get a sense for the scope of change in front of us, we need to take a trip down memory lane – to the advent of the internet.

By Kent Weigle
Aug 05, 2022

CISAnalysis 05 August 2022

CVE-2022-27924, a vulnerability published in May 2022, has been added to CISA's Known Exploited Vulnerabilities Catalog.