Adding SEO Friendly URL’s to OpenCart
november 2011 by hanicker
First off, I must give credit where it is due. I got most of my information on OpenCart Clean URL’s from PHP Genious. In this post I will explain how friendly or clean URL’s work in OpenCart.
Clean URL’s are built into OpenCart 1.5. To use SEO URL’s you need to enable them under your stores server settings, rename the .htaccess.txt file and add your SEO keyword for each product and category you create. The keywords will not be created for you. You must also have Apache mod_rewrite turned on. Most web hosts will have this on by default.
Enable SEO URL’s in the OpenCart Admin
The first step is to enable SEO URL’s in your stores admin. Go to the “System” drop-down and click on “Settings”. Locate the store you want to alter and click the “Edit” link off to the right. Finally click the “Server” tab and set the SEO URL’s radio to “Yes” and save your settings.
Rename the .htaccess.txt file
Next you must create an .htaccess file. If you do not create this file your pages will not display. OpenCart provides a file called .htaccess.txt. Rename this file to .htaccess and you will be good to go. If you don’t have this file in your root directory you will need to make your own .htaccess file. The fiel should include the following:
# 1.To use URL Alias you need to be running apache with mod_rewrite enabled.
# 2. In your opencart directory rename htaccess.txt to .htaccess.
# For any support issues please visit: http://www.opencart.com
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
Order deny,allow
Deny from all
# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule sitemap.xml /index.php?route=feed/google_sitemap
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
### Additional Settings that may need to be enabled for some servers
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.
# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off
# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off
# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M
# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M
# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200
# 6. set max time for input to be recieved. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200
Enter SEO Keywords for URL’s
Finally, you need to enter SEO keywords for every page, information, product and category you want to have URL rewrite. You can find the field for the SEO Keywords under the Data tab when editing and creating items.
Once you have entered the SEO Keywords your URL’w will be working. Now go and enjoy more traffic and happy customers.
Articles
Marketing
Programming
clean_url
ecommerce
OpenCart
php
seo
uri
url
from google
Clean URL’s are built into OpenCart 1.5. To use SEO URL’s you need to enable them under your stores server settings, rename the .htaccess.txt file and add your SEO keyword for each product and category you create. The keywords will not be created for you. You must also have Apache mod_rewrite turned on. Most web hosts will have this on by default.
Enable SEO URL’s in the OpenCart Admin
The first step is to enable SEO URL’s in your stores admin. Go to the “System” drop-down and click on “Settings”. Locate the store you want to alter and click the “Edit” link off to the right. Finally click the “Server” tab and set the SEO URL’s radio to “Yes” and save your settings.
Rename the .htaccess.txt file
Next you must create an .htaccess file. If you do not create this file your pages will not display. OpenCart provides a file called .htaccess.txt. Rename this file to .htaccess and you will be good to go. If you don’t have this file in your root directory you will need to make your own .htaccess file. The fiel should include the following:
# 1.To use URL Alias you need to be running apache with mod_rewrite enabled.
# 2. In your opencart directory rename htaccess.txt to .htaccess.
# For any support issues please visit: http://www.opencart.com
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
Order deny,allow
Deny from all
# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule sitemap.xml /index.php?route=feed/google_sitemap
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
### Additional Settings that may need to be enabled for some servers
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.
# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off
# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off
# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M
# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M
# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200
# 6. set max time for input to be recieved. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200
Enter SEO Keywords for URL’s
Finally, you need to enter SEO keywords for every page, information, product and category you want to have URL rewrite. You can find the field for the SEO Keywords under the Data tab when editing and creating items.
Once you have entered the SEO Keywords your URL’w will be working. Now go and enjoy more traffic and happy customers.
november 2011 by hanicker
Protecting against XSS
september 2011 by hanicker
The problem as I see it
Where to start? Let me start by telling you that most of the books you read are wrong. The code samples you copy of the internet to do a specific task are wrong (the wrong way to handle a GET request), the function you copied from that work colleague who in turn copied from a forum is wrong (the wrong way to handle redirects). Start to question everything. Maybe this blog post is wrong this is the kind of mindset you require in order to protect your sites from XSS. You as a developer need to start thinking more about your code. If a article you are reading contains stuff like echo $_GET or Response.Write without filtering then it’s time to close that article.
Are frameworks the answer? I think in my honest opinion no. Yes a framework might prevent XSS in the short term but in the long term the framework code will be proven to contain mistakes as it evolves and thus when it is exploited it will be more severe than if you wrote the code yourself. Why more severe? A framework hole can be easily automated since many sites share the same codebase, if you wrote your own filtering code than an attacker would be able to exploit the individual site but find it hard to automate a range of sites using different filtering methods. This is one of the main reasons the internet works today, not because everything is secure just because everything is different.
One of the arguments I hear is that a developer can’t be trusted to create a perfect filtering system for a site and using a framework ensures the developer follows best guidelines. I disagree, developers are intelligent they write code and understand code, if you can build a system you can protect it because you’re in the best position to.
How to handle input
When you handle user input just think to yourself “a number is a vector”, imagine a site that renders a image server side and allows you to choose the width and height of the graphic, if you don’t think a number is a vector then you might not put any restrictions on the width and height of the generated graphic but what happens when an attacker requests a 100000×100000 graphic? If you’re code doesn’t handle the maximum and minimum inputs then an attacker can DOS your server with multiple requests. The lesson is not to be lazy about each input you handle, you need to make sure each value is validated correctly.
The process should be as follows.
1. Validate type – Ensure the value your are getting is what you were expecting.
2. Whitelist – Remove any characters that should not be in the value by providing the only characters that should.
3. Validate Length – Always validate the length of the input even when the value isn’t being placed in the database. The less that an attacker has to work with the better.
4. Restrict – Refine what’s allowed within the range of characters you allow. For example is the minimum value 5?
5. Escape – Depending on context (where your variable is on the page) escape correctly.
You can make things easier for yourself by placing these methods into a function or a class but don’t overcomplicate keep each method as simple as possible and be very careful and descriptive with your function names to avoid confusion.
HTML context
Lets look at an example of the method above with a code sample in PHP.
<?php
$x = (string) $_GET['x']; //ensure we get a string not array
$x = preg_replace("/[^\w]/","", $x); //remove any characters that are not a-z, A-Z, 0-9 or _
$x = substr($x, 0, 10);//restrict to a maximum of 10 characters
if(!preg_match("/^a/i", $x)) {//this value must only begin with a or A
$x = '';
}
echo '<b>' . htmlentities($x, ENT_QUOTES) . '</b>'; //escape everything according to context of $x
?>
You might be wondering why I used (string) in the code above. Lets try it without it.
Using the following:test.php?x[]=123
Results in: “Warning: substr() expects parameter 1 to be string, array given”
Because of the PHP feature which allows you to pass arrays over a GET request you can create a warning in PHP over unexpected type when trying to whitelist the value. Using type hinting ensures you get the expected type.
Great so we now understand how to restrict and escape a value. Lets look at another context.
Script context
When not in XHTML/XML mode a script tag does not decode HTML entities. If you have a value within a variable inside a script tag, question is what do you escape?
example:
<script>x='value here';</script>
Inside a JavaScript variable like this you have to watch out for the following ‘ and </script> using these vectors it’s possible to XSS the value. The two examples are listed below.
vector 1: ',alert(1),//
vector 2: </script><img src=1 onerror=alert(1)>
The second example requires no quotes and a lot of developers assume it won’t be executed because it’s still inside a JavaScript variable, this is clearly wrong as it executes because the browser doesn’t know where the script begins and ends correctly.
To escape a value inside a script context you should JavaScript escape the value. The best way of doing this is using unicode escapes, a unicode escape in JavaScript looks like the following:
<script>
alert('\u0061');//"a" in a unicode escape
</script>
You can experiment with unicode escapes using my Hackvertor tool. Please understand how they work as they will be very important to you when understanding how to protect many contexts.
It’s very important you follow the same procedure as before (Validate type, Whitelist, Validate Length, Restrict, Escape) for the specific variable you’re working on but this time we will convert our value into unicode escapes. A simple function to do that is as follows:
<?php
function jsEscape($input) {
if(strlen($input) == 0) {
return '';
}
$output = '';
$input = preg_replace("/[^\\x01-\\x7F]/", "", $input);//remove any characters outside the range 0x01-0x7f
$chars = str_split($input);
for($i=0;$i<count($chars);$i++) {
$char = $chars[$i];
$output .= sprintf("\\u%04x", ord($char));//get the character code and convert to hex and prefix with \u00
}
return $output;
}
?>
I’ve purposely designed this function with a few little optimisations missing, for example instead of using unicode you could use hex escapes since we restrict the range of allowed characters, alphanumeric characters are even converted when they could be replaced by their literal characters and new lines/tabs are encoded too when you could use the shorter equivalent. Lets add a line to use a literal tab character instead of \u0009. Why would you want to do this? To reduce the characters sent down the wire.
Code to handle tab:
<?php
if(preg_match("/^\t$/", $char)) {
$output .= '\\t';
continue;
}
?>
This converts a tab specifically to “\t”, notice how we separate input and output and by using continue we can skip the input character and override it with something more specific. The full code is now below for clarity.
<?php
function jsEscape($input) {
if(strlen($input) == 0) {
return '';
}
$output = '';
$input = preg_replace("/[^\\x01-\\x7F]/", "", $input);
$chars = str_split($input);
for($i=0;$i<count($chars);$i++) {
$char = $chars[$i];
if(preg_match("/^\t$/", $char)) {
$output .= '\\t';//don't unicode escape but using a shorter \t instead. Double escape remember!
continue;//skip a line and move on the the next char
}
$output .= sprintf("\\u%04x", ord($char));
}
return $output;
}
?>
Exercises for this code:
1. Can you handle characters outside the ascii range?
2. Convert any non dangerous character to their escaped or literal representation.
Script context in XHTML
In the previous section you might have wondered about XHTML when I stated “when not in XHTML/XML mode a script tag does not decode HTML entities”. In XHTML entities can be decoded even inside script blocks! Fortunately the code I provided for that section will handle that since unicode escapes are used. If you followed the exercises in that section did you make the “&” safe? That is something to think about when you are working on XHTML page. In order for XHTML to be used in the browser you have to serve the pages with the correct XHTML header. I recommend you don’t use the XHTML header.
Even though the previous examples still protect you against attack, I will show you a couple of vectors for XHTML sites/
<script>x='',alert(/This works in XHTML/)//';</script>
<script>x='',alert(/This also works in XHTML/)//';</script>
This would work in any XML based format, entities can be used to break out of strings and just a simple </ will also do the trick. Don’t use XHTML or if you do unicode escape and don’t allow literal “&”.
JavaScript events
Now you know what happens in XHTML, you might be interested to know it also happens in HTML attributes. Any HTML attribute including events such as onclick will automatically decode entities and use them as if they were literal characters. Best demonstrated with a code example.
<div title=">" id="x">test</div>
<script>
alert(document.getElementById('x').title);
</script>
As you can see instead of the value of the title attribute of the div element returning “>” it returned “>” because it was automatically decoded. This whole process is one of the root causes of XSS, the developer didn’t understand that. Lets look at what happens with a onclick event and a variable of “x”.
<a href="#" onclick="x='',alert(1),'';">test</a>
Clicking on the link fired the alert because like XHTML the entities are decoded, when you are in the attribute context you need to do exactly the same as if you were in the XHTML context. Reusing your jsecape function will fully protect you from XSS in attributes and variables like this.
innerHTML context
I hope you’ve grasped the previous concepts because now it’s going to get slightly confusing. If you[…]
articles
php
Security
xss
from google
Where to start? Let me start by telling you that most of the books you read are wrong. The code samples you copy of the internet to do a specific task are wrong (the wrong way to handle a GET request), the function you copied from that work colleague who in turn copied from a forum is wrong (the wrong way to handle redirects). Start to question everything. Maybe this blog post is wrong this is the kind of mindset you require in order to protect your sites from XSS. You as a developer need to start thinking more about your code. If a article you are reading contains stuff like echo $_GET or Response.Write without filtering then it’s time to close that article.
Are frameworks the answer? I think in my honest opinion no. Yes a framework might prevent XSS in the short term but in the long term the framework code will be proven to contain mistakes as it evolves and thus when it is exploited it will be more severe than if you wrote the code yourself. Why more severe? A framework hole can be easily automated since many sites share the same codebase, if you wrote your own filtering code than an attacker would be able to exploit the individual site but find it hard to automate a range of sites using different filtering methods. This is one of the main reasons the internet works today, not because everything is secure just because everything is different.
One of the arguments I hear is that a developer can’t be trusted to create a perfect filtering system for a site and using a framework ensures the developer follows best guidelines. I disagree, developers are intelligent they write code and understand code, if you can build a system you can protect it because you’re in the best position to.
How to handle input
When you handle user input just think to yourself “a number is a vector”, imagine a site that renders a image server side and allows you to choose the width and height of the graphic, if you don’t think a number is a vector then you might not put any restrictions on the width and height of the generated graphic but what happens when an attacker requests a 100000×100000 graphic? If you’re code doesn’t handle the maximum and minimum inputs then an attacker can DOS your server with multiple requests. The lesson is not to be lazy about each input you handle, you need to make sure each value is validated correctly.
The process should be as follows.
1. Validate type – Ensure the value your are getting is what you were expecting.
2. Whitelist – Remove any characters that should not be in the value by providing the only characters that should.
3. Validate Length – Always validate the length of the input even when the value isn’t being placed in the database. The less that an attacker has to work with the better.
4. Restrict – Refine what’s allowed within the range of characters you allow. For example is the minimum value 5?
5. Escape – Depending on context (where your variable is on the page) escape correctly.
You can make things easier for yourself by placing these methods into a function or a class but don’t overcomplicate keep each method as simple as possible and be very careful and descriptive with your function names to avoid confusion.
HTML context
Lets look at an example of the method above with a code sample in PHP.
<?php
$x = (string) $_GET['x']; //ensure we get a string not array
$x = preg_replace("/[^\w]/","", $x); //remove any characters that are not a-z, A-Z, 0-9 or _
$x = substr($x, 0, 10);//restrict to a maximum of 10 characters
if(!preg_match("/^a/i", $x)) {//this value must only begin with a or A
$x = '';
}
echo '<b>' . htmlentities($x, ENT_QUOTES) . '</b>'; //escape everything according to context of $x
?>
You might be wondering why I used (string) in the code above. Lets try it without it.
Using the following:test.php?x[]=123
Results in: “Warning: substr() expects parameter 1 to be string, array given”
Because of the PHP feature which allows you to pass arrays over a GET request you can create a warning in PHP over unexpected type when trying to whitelist the value. Using type hinting ensures you get the expected type.
Great so we now understand how to restrict and escape a value. Lets look at another context.
Script context
When not in XHTML/XML mode a script tag does not decode HTML entities. If you have a value within a variable inside a script tag, question is what do you escape?
example:
<script>x='value here';</script>
Inside a JavaScript variable like this you have to watch out for the following ‘ and </script> using these vectors it’s possible to XSS the value. The two examples are listed below.
vector 1: ',alert(1),//
vector 2: </script><img src=1 onerror=alert(1)>
The second example requires no quotes and a lot of developers assume it won’t be executed because it’s still inside a JavaScript variable, this is clearly wrong as it executes because the browser doesn’t know where the script begins and ends correctly.
To escape a value inside a script context you should JavaScript escape the value. The best way of doing this is using unicode escapes, a unicode escape in JavaScript looks like the following:
<script>
alert('\u0061');//"a" in a unicode escape
</script>
You can experiment with unicode escapes using my Hackvertor tool. Please understand how they work as they will be very important to you when understanding how to protect many contexts.
It’s very important you follow the same procedure as before (Validate type, Whitelist, Validate Length, Restrict, Escape) for the specific variable you’re working on but this time we will convert our value into unicode escapes. A simple function to do that is as follows:
<?php
function jsEscape($input) {
if(strlen($input) == 0) {
return '';
}
$output = '';
$input = preg_replace("/[^\\x01-\\x7F]/", "", $input);//remove any characters outside the range 0x01-0x7f
$chars = str_split($input);
for($i=0;$i<count($chars);$i++) {
$char = $chars[$i];
$output .= sprintf("\\u%04x", ord($char));//get the character code and convert to hex and prefix with \u00
}
return $output;
}
?>
I’ve purposely designed this function with a few little optimisations missing, for example instead of using unicode you could use hex escapes since we restrict the range of allowed characters, alphanumeric characters are even converted when they could be replaced by their literal characters and new lines/tabs are encoded too when you could use the shorter equivalent. Lets add a line to use a literal tab character instead of \u0009. Why would you want to do this? To reduce the characters sent down the wire.
Code to handle tab:
<?php
if(preg_match("/^\t$/", $char)) {
$output .= '\\t';
continue;
}
?>
This converts a tab specifically to “\t”, notice how we separate input and output and by using continue we can skip the input character and override it with something more specific. The full code is now below for clarity.
<?php
function jsEscape($input) {
if(strlen($input) == 0) {
return '';
}
$output = '';
$input = preg_replace("/[^\\x01-\\x7F]/", "", $input);
$chars = str_split($input);
for($i=0;$i<count($chars);$i++) {
$char = $chars[$i];
if(preg_match("/^\t$/", $char)) {
$output .= '\\t';//don't unicode escape but using a shorter \t instead. Double escape remember!
continue;//skip a line and move on the the next char
}
$output .= sprintf("\\u%04x", ord($char));
}
return $output;
}
?>
Exercises for this code:
1. Can you handle characters outside the ascii range?
2. Convert any non dangerous character to their escaped or literal representation.
Script context in XHTML
In the previous section you might have wondered about XHTML when I stated “when not in XHTML/XML mode a script tag does not decode HTML entities”. In XHTML entities can be decoded even inside script blocks! Fortunately the code I provided for that section will handle that since unicode escapes are used. If you followed the exercises in that section did you make the “&” safe? That is something to think about when you are working on XHTML page. In order for XHTML to be used in the browser you have to serve the pages with the correct XHTML header. I recommend you don’t use the XHTML header.
Even though the previous examples still protect you against attack, I will show you a couple of vectors for XHTML sites/
<script>x='',alert(/This works in XHTML/)//';</script>
<script>x='',alert(/This also works in XHTML/)//';</script>
This would work in any XML based format, entities can be used to break out of strings and just a simple </ will also do the trick. Don’t use XHTML or if you do unicode escape and don’t allow literal “&”.
JavaScript events
Now you know what happens in XHTML, you might be interested to know it also happens in HTML attributes. Any HTML attribute including events such as onclick will automatically decode entities and use them as if they were literal characters. Best demonstrated with a code example.
<div title=">" id="x">test</div>
<script>
alert(document.getElementById('x').title);
</script>
As you can see instead of the value of the title attribute of the div element returning “>” it returned “>” because it was automatically decoded. This whole process is one of the root causes of XSS, the developer didn’t understand that. Lets look at what happens with a onclick event and a variable of “x”.
<a href="#" onclick="x='',alert(1),'';">test</a>
Clicking on the link fired the alert because like XHTML the entities are decoded, when you are in the attribute context you need to do exactly the same as if you were in the XHTML context. Reusing your jsecape function will fully protect you from XSS in attributes and variables like this.
innerHTML context
I hope you’ve grasped the previous concepts because now it’s going to get slightly confusing. If you[…]
september 2011 by hanicker
How using a vulnerability scanner boosts productivity
june 2011 by hanicker
How using a vulnerability scanner boosts productivity
A vulnerability scanner is a security tool that can be used to help you identify weaknesses in your system before the bad guys do. A vulnerability scanner can discover devices on your network that are open to known vulnerabilities. This can be achieved in different ways, such as by checking for specific patches or updates through registry entries on Windows machines, or by actually trying to exploit known vulnerabilities on the target device.
The benefits of using a vulnerability scanner vs. manual reviews
Whilst a vulnerability scanner may not be able to prevent attacks in and of itself, it will raise security awareness and provide reports on the risks that have been detected. It will also highlight which of those risks should be given the highest priority.
Vulnerability scanning can be either a manual or an automatic process.
A manual scan offers full process control and allows an administrator with a deep knowledge level to cover smart attack vectors. However, it is a slow process and far too prone to errors, especially if the administrator fails to employ a certain scan or doesn’t have the required level of skill to spot new or uncommon exploits.
On the other hand, a vulnerability scanner will automate many, if not most, of the tasks that network and system administrators need to employ in order to guarantee the security of the systems they are charged with protecting.
A vulnerability scanning tool will also automatically update itself with regard to the latest exploits which is a key point when you consider how quickly they are being discovered – not many IT experts can remember all the exploits from a couple of years ago, let alone ones that surfaced in the last month.
An automated tool is also of benefit because it produces detailed reports of its actions, allowing an administrator to then zoom in and target anything that gets flagged as being of particular interest. The main benefit though, and the easiest one to quantify and cost, is the time saving generated by utilizing a vulnerability scanner.
Continue reading "How using a vulnerability scanner boosts productivity"
Articles
from google
A vulnerability scanner is a security tool that can be used to help you identify weaknesses in your system before the bad guys do. A vulnerability scanner can discover devices on your network that are open to known vulnerabilities. This can be achieved in different ways, such as by checking for specific patches or updates through registry entries on Windows machines, or by actually trying to exploit known vulnerabilities on the target device.
The benefits of using a vulnerability scanner vs. manual reviews
Whilst a vulnerability scanner may not be able to prevent attacks in and of itself, it will raise security awareness and provide reports on the risks that have been detected. It will also highlight which of those risks should be given the highest priority.
Vulnerability scanning can be either a manual or an automatic process.
A manual scan offers full process control and allows an administrator with a deep knowledge level to cover smart attack vectors. However, it is a slow process and far too prone to errors, especially if the administrator fails to employ a certain scan or doesn’t have the required level of skill to spot new or uncommon exploits.
On the other hand, a vulnerability scanner will automate many, if not most, of the tasks that network and system administrators need to employ in order to guarantee the security of the systems they are charged with protecting.
A vulnerability scanning tool will also automatically update itself with regard to the latest exploits which is a key point when you consider how quickly they are being discovered – not many IT experts can remember all the exploits from a couple of years ago, let alone ones that surfaced in the last month.
An automated tool is also of benefit because it produces detailed reports of its actions, allowing an administrator to then zoom in and target anything that gets flagged as being of particular interest. The main benefit though, and the easiest one to quantify and cost, is the time saving generated by utilizing a vulnerability scanner.
Continue reading "How using a vulnerability scanner boosts productivity"
june 2011 by hanicker
Copy this bookmark: