Alan Wlasuk

Alan Wlasuk is a managing partner of 403 Web Security, a full-service, secure web application development company. A Bell Labs Fellow award-winner with 18+ years of experience building secure web applications, Wlasuk is an expert in web security, from evaluation to web development and remediation.

Recent articles by Alan Wlasuk

  • Every statistic indicates your website has probably been hacked already, and if it hasn’t already been, it will soon be. You won’t be aware of it until some outsider points it out to you.
  • You’re not going to solve all of your security problems in the next 30 days, but you can and should fix the big ones, those Bluebirds that make it easy for hackers to kill your company.
  • As IT security becomes a major focus in our world, it is essential that corporations and development companies alike demand web application security at the contractual level.
  • By wandering around a public website with easily obtainable tools, it's easy to pick up on several security ‘tells’ that your website gives away, indicating how easy it could be to hack.
  • As I wander the world of website security, I run across many reasons why most websites (over 70%) are open to hacks from amateur and professional hackers alike.
  • I made a mistake the other day, a horrible mistake. I let my kid use my computer. My once perfect computer now has a life of its own, a malware bot that nests firmly in a place that I can’t see.
  • Let’s look at what e-mail hacking is really all about and why it could be much more painful than just having to sort through our spouse’s energy drink messages.
  • The landscape has changed – we now live in a digital world where extortion happens on a cyber level, involving criminals living in cybercrime tolerant countries halfway around the world.
  • No more fertile ground for security breaches exists in the United States than our colleges and universities. A higher education student database is an identity thief’s dream come true.
  • Cyber criminals don’t carry weapons or even leave the comfort of their homes. The botnet and phishing systems cyber criminals use are constantly aware of their vast network, which grows virally without human intervention.
  • As legal, and sometimes operational and financial, advisors to small businesses, law offices should be more aware than ever of the security risks to small business clients, understand how to mitigate these risks, and lend support when a security breach occurs.
  • Millions of identities, credit card numbers and user login credentials are still being compromised every year by hackers getting into web sites we believe are secure. This valuable information will, undoubtedly, end up in the wrong hands.
  • The vulnerability represented by the BEAST shouldn't be viewed as a major crime risk, rather as just one of hundreds, if not thousands, of Internet flaws that will be discovered in the near future.
  • Crime follows money, and with the information on your phone representing access to potentially billions of dollars in the cyber crime world, you and your phone become a tempting target.
  • If you own a business with an investment in a web presence, whether it is the core of your e-commerce sales or just a brochure site, you should be thinking about what could be a soon-to-be personal relationship with the hackers behind your very own security breach.
  • In this “Case Study” column I will share some takeaways based on my involvement in two recent remediation engagements as a basis for understanding the reasons behind the continued trend in vulnerable web applications.
  • If you’re being honest with yourself, major successful cyber attacks on companies in the past few years should convince you of the fact that your business could eventually fall victim to a cyber attack.
  • The protection of data is far harder than most people recognize.
  • Are we ever going to get passwords right? And by “right”, I mean impossible to crack, easy and inexpensive to implement, and acceptable to a public that generally views passwords as an annoyance?
  • Until information on how the Zappos breach was executed comes to light, we can only assume Zappos was as good, perhaps better than most on-line retailers as far as security is concerned.
  • Like any well-established sub-culture, the world of script kiddies is fascinating to watch, difficult to fully understand from the outside and obviously intriguing to those within that world.
  • My brief relationship with the Morto worm lasted exactly 5 days, at least that I know of. Morto is a computer worm – one that burrows into a computer system and lives to infect other computers and take orders from her botnet herder.
  • The joy of a hacker extracting your data is similar to the excitement one experiences playing the mechanical claw arcade machines – the one where you insert a few quarters and grab a toy with a mechanical claw. Picture the hacker running scripts instead of using the arcade game joystick.
  • Protecting your website from hackers is tough. The battle between the good guys and the bad guys is an ever escalating war where a misstep on your part may mean a breached site.
  • While our attention is immediately drawn to the Internet when we think about the benign-turned-evil Matrix, a more interesting comparison can be made to the current Internet plague of botnets.