Secure HTTP Redirection
Web servers should not perform Port 80 (HTTP) to Port 443 (HTTPS) redirections – leave that up to your WAF, Edge, or another isolated way.
Stealth collection of evidence using WGET
From time to time, I find myself needing to collect evidence against some of the bad guys on the Internet, including numerous scammers and other shady characters who sell fake or malicious software to innocent victims. It is an unbelievably tediou…
Protect IIS from SQL Injection using URLScan 3.0 Beta
UPDATE: Since writing this, Microsoft have released URLScan 3.1 which you should be using -> http://www.iis.net/extensions/UrlScan If you’re not using URLScan Beta 3.0 then you’re just asking for trouble these days. There has been a recent ramp up…
Michael McKinnon - People | Technology | Cyber Security 