Cyberis Blog

Reassuringly clear thinking.

  • Penetration testing

PHP Serialization And SQL Injection

Sanitisation of user input is essential for preventing SQL injection, regardless of the format of the supplied data. Today I'm going to look at SQL injection through a more obscure injection point: serialized PHP arrays. Taking inspiration from a finding in a recent test, I've created a small app which allows the user to upload a CSV file. This file is then converted to a PHP array, serialized and returned to the user as a hidden form field. Finally, this is posted back to the application where the supplied data is inserted into the MySQL database.

Read more
  • Penetration testing
  • Tools and techniques

Creating Macros For Burp Suite

There are many tools available for automated testing of web applications. One of the best known is probably sqlmap. Sqlmap allows you to identify and exploit SQL injection vulnerabilities with ease from the command line. However, controls such as CSRF tokens or simple anti-automation techniques such as including a unique hidden value within the form can prevent automated tools from working correctly. Macros in Burp Suite are a great way to bypass these measures in order to carry out automated testing, although they can be complicated to implement.

Read more
  • Detect and respond

After the storm

You’ve had an incident.  You’ve managed the fall-out, contained the outbreak and restored normal service.  Now is the time to sit down with your incident response teams, your operational teams and other stakeholders and work out how to prevent a recurrence.

Read more
  • Detect and respond

Enacting your response

Situational awareness throughout incident response activities is of paramount importance.  As activities are conducted, new information is likely to emerge.  New information may completely change the objectives of your exercise, and teams need to be in constant communication in order to coordinate activities. Actions assigned to responders during an incident will be informed by the systems and data at risk, business continuity plans for these systems, and the objectives of the incident response exercise.

Read more
  • Detect and respond

Defining your objectives

You have an incident. You know you need to handle it. You’re under pressure, and your team is stressed. This is often the most dangerous point in an incident response operation. Stressed people under pressure to respond quickly tend to make one of two mistakes...

Read more
  • Detect and respond

Identifying the incident

At some point, your business is likely to have to deal with an incident.  When this happens, being able to accurately identify and classify the incident is key to responding effectively with the minimum impact to your BAU operations. Yesterday, we discussed how proper planning will help you get a robust incident response framework in place.  Today, we are going to look at the sorts of questions you need to ask yourselves in order to be able to identify and classify an incident, and hence tailor your response.

Read more
  • Detect and respond

The five 'P's

It is widely acknowledged that these days, it is not a question of 'if', but 'when' an organisation will need to handle a security incident, and as every project manager knows, Proper Planning Prevents Poor Performance.

Read more
  • Detect and respond

Incident response week

Ever wondered if you're prepared for a cyber security incident? This week, one of our Directors, Gemma Moore, is guiding you through incident preparation and handling.

Read more

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Contact us About Cyberis