Blog

XSS, SQL injection, and WAF

John Baldock

XSS – Cross-site scripting

XSS is a common form of injection attack on public-facing web servers. Any web server can be vulnerable to attack, and websites are now feature-rich, with multiple embedded databases, comments sections, and media… all of which increase the types of attack vector that cyber criminals can attempt, for various reasons.

Penetration Testing vs DDoS Testing

John Baldock

We all recognise that testing your IT infrastructure is paramount to keeping your systems secure, and we always discuss this with all of our customers. However, when we start to talk about DDoS testing, we are often met with the view that conducting pen testing is enough. This led me to write this blog explaining the two methods of testing, how they differ and where they fit in your network security arsenal.

DDoS attack threat – mitigation and testing

John Baldock

Another high-profile website has suffered downtime as a result of a DDoS attack. This time it was the BBC. It is important for all organisations hoping to avoid a similar fate to review how the tech industry is reacting.

Project Shield from Google

Clicking through news articles related to the attack, filled with interchangeable clichéd phrases, I stumbled across this announcement of the expansion of Project Shield from Google.