General Data Protection Regulation (GDPR) requirements, deadlines and facts

Following article cited from website

What is the GDPR? GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. The GDPR also regulates the exportation of personal data outside the EU.
And non-compliance could cost companies dearly.
Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.
The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what const…

MySQL - Detect "Too many connections" error and show alternate web page

If you get a Too many connections error when you try to connect to the mysqld server, this means that all available connections are in use by other clients. The number of connections permitted is controlled by the max_connections system variable. The default value is 151 to improve performance when MySQL is used with the Apache Web server. (Previously, the default was 100.) If you need to support more connections, you should set a larger value for this variable.
Solution provided by user Rob Williams:
$link = mysql_connect("localhost", "mysql_user", "mysql_password");
if (mysql_errno() == 1203) {
// 1203 == ER_TOO_MANY_USER_CONNECTIONS (mysqld_error.h)

How security audits, vulnerability assessments and penetration tests differ

security audits vs vulnerability assessments vs penetration tests
vulnerability assessment
A vulnerability assessment is a practice used to identify all potential vulnerabilities that could be exploited in an environment. The assessment can be used to evaluate physical security, personnel (testing through social engineeringand such), or system and network security. Most commercial organizations just want their systems and networks assessed. This means an individual or team runs a scanning tool (Internet System Scanner, Heat, Nessus, etc.). These tools identify running services that typically have vulnerabilities that can be exploited, operating system and application identified vulnerabilities, missingpatchesand hotfixes. The result, depending upon the product, is a long list of every computer system by IP address and their associated vulnerabilities and steps on how to "fix" the vulnerabilities. However, just because something is identified as a vulnerability, does not neces…


The following is an extract from veracode official website.

When searching for vulnerabilities in websites and web apps, manual web application penetration testing is essential. Automated penetration testing tools simply can’t find every flaw – sometimes, it takes the skill and insight of the manual tester to identify complex authorization issues or business logic flaws. Manual web application penetration testing is most effective and cost-efficient when combined with other scanning technologies. Manual testing on its own can be quite expensive and time-consuming, taking weeks to perform a full penetration test. That’s why, when choosing technologies that can deliver state-of-the-art application security, more leading companies today turn to web app penetration testing solutions from Veracode. With a full complement of testing solutions built on a leading application security platform, Veracode helps organizations to better protect the software that drives business results.
Without be…

AWS - Security and Compliance - shared responsibility model

Overview Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment. As shown in the chart below, this differentiation of responsibility is common…

The Five Universal Laws of Cybersecurity Everyone Should Know

Nick Espinosa, cybersecurity expert at Forbes, created 5 crucial laws that "will forever be the immutable universal constants that govern this topic and our existence in relation to it."

Law No. 1: If There Is A Vulnerability, It Will Be Exploited From sneaking your way out of a tollbooth for free to derailing a nuclear weapon program, finding ways around everything for (for both good and bad) is so ubiquitous today we've have a term for it, life-hacking. Always consider there will always be those people who will try and hack everything. Law No. 2: Everything Is Vulnerable In Some Way We've always assumed our computers are essentially safe and harmless. At the beginning of 2018, it was revealed that for decades these workhorses have been carrying a massive vulnerability that could allow malicious hackers to wreak havoc on all of us. Law No. 3: Humans Trust Even When They Shouldn't Trust is an essential part of the human existence, but it is our greatest weakness in …

The Perl Philosophy

There's more than one way to do it.
Three virtues of a programmerLazinessImpatienceHubris
Share and Enjoy !