application security

Tag details

Welcome to the 'application security' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'application security'.


Latest blogosphere posts tagged “application security”

  • An Ounce of Prevention is Worth a Pound of Cure


    Zero in a bit (Authority: 396)
    A conversation on Twitter this morning started out like this: @dinozaizovi: Finding vulnerabilities without exploiting them is like putting on a dress when you have nowhere to go. This clever analogy spurred a discussion about the importance of proving exploitability as a prerequisite to fixing bugs. While I ...
    5 days ago
  • WARNING: Security Device Enclosed


    Lori MacVittie (Authority: 524)
    If you aren’t using all the security tools at your disposal you’re doing it wrong. How many times have you seen an employee wave on by a customer when the “security device enclosed” in some item – be it DVD, CD, or clothing – sets off the alarm at the doors? Just a few weeks ago I heard one young ...
    6 days ago
  • Google SPDY Protocol Would Require Mass Change in Infrastructure


    Lori MacVittie (Authority: 524)
    Google’s desire to speed up the web via a new protocol is laudable, but the SPDY protocol would require massive changes across networks to support. ArsTechnica had an interesting article on one of Google’s latest projects, a new web protocol designed to replace HTTP called SPDY. SPDY uses a ...
    1 week ago
  • Data as a Service Could Drastically Impact Success of SQL Injection Attacks


    Lori MacVittie (Authority: 524)
    The question is whether that impact is positive (a reduction) or negative (an increase). One of the biggest threats to data integrity is the introduction of malicious content via SQLi (SQL Injection) attacks. Traditional database access methods don’t provide a lot in the way of validating requests and like HTML ...
    1 week ago
  • Pending book review: ModSecurity 2.5


    HolisticInfoSec.org (Authority: 108)
    Packt Publishing, a UK based publishing firm specializing in focused IT books, has asked me to review Magnus Mischel's ModSecurity 2.5. Having recently discussed monitoring ModSecurity with OSSEC, I'm looking forward to reading this book. I've been a ModSecurity fan since incorporating it in a secure server ...
    1 week ago
  • Session/Cookie alone does not secure your web application – CSRF


    Programming Ideas, Logics, Tips and Tricks (Authority: 119)
    Guess what will happen if you add an image like below in your HTML page: It does not appear in the page, but your Google account in another window or another tab will get logged off. Now an external website could log you out from your Gmail or Orkut. If you coded your website to delete a photo or object from the ...
    1 week ago
  • Sucuri NBIM: website integrity monitoring for free


    HolisticInfoSec.org (Authority: 108)
    Here's a nice freebie you might like as part of your website monitoring arsenal. I signed up with Sucuri for their NBIM (network based integrity monitoring) service to help keep an eye on holisticinfosec.org, and have been very satisfied with this free offering (sometimes you get more than what you pay for). As an ...
    2 weeks ago
  • We need to learn more about the RBS Worldpay ATM attack


    Zero in a bit (Authority: 396)
    The size and scope of the RBS Worldpay ATM heist are unprecedented. The perpetrators stole $9M in a matter of hours from 2100 ATMs worldwide. An indictment was handed down on Nov 10, 2009. I am always on the lookout for indictments and trials related to computer crime because this is often the only time the ...
    2 weeks ago
  • Application Security – Where It’s At


    BlogInfoSec.com (Authority: 93)
    Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business case for software ...
    2 weeks ago
  • XFILES (Part 3) – The APEX Look and Feel


    blog.gralike.com (Authority: 114)
    Had my adventures today. Most of the packages are compiled and the XDB utility packages are in place (will come back on those in a later post). Apparently as said before, Mark has added some extra new functionality “Application Security” for use with APEX. This almost locked me out today after bringing into place ...
    2 weeks ago
  • Static Analysis: How Important is Accuracy?


    Security and Risk Management Strategies Blog (Authority: 104)
    Software security - or application security, if you prefer - is (to no surprise, I'm sure) a significant ongoing research topic for us. Most recently I completed two documents on static software security analysis, which should publish in the coming 90 days. Talking to users and vendors many important aspects of the ...
    2 weeks ago
  • TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting


    Lori MacVittie (Authority: 524)
    Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our own DevCentral members was out implementing a solution. ...
    2 weeks ago
  • When Is More Important Than Where in Web Application Security


    Lori MacVittie (Authority: 524)
    While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research has discovered (yet) another method of exploitation that allows ...
    2 weeks ago
  • Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)


    Darknet - The Darkside (Authority: 465)
    It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag. Binging is a simple tool to query Bing search engine. It will use your Bing API key [...] ...
    2 weeks ago
  • Twitter Account Lockouts Continue to Plague Users


    Lori MacVittie (Authority: 524)
    Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight. At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search for “locked out” returns thousands of tweets with a good ...
    2 weeks ago
  • Discovering Dangerous Business Application Vulnerabilities


    Online Security Authority (Authority: 133)
    Enterprise security consultants may spend their days at mid-size or large organizations; they may perform their assignments from anywhere in the world. Nevertheless, they possess a common assignment: to better manage the risks related to their organizational infrastructure. More and more, corporate Web application ...
    3 weeks ago
  • Top 10 Web Application Security Vulnerabilities


    System News for Sun Users - The Blog (Authority: 138)
    Get Help from Open Web Application Security Project’s WebGoat. The Open Web Application Security Project (OWASP) has identified the most critical web application security vulnerabilities, writes blogger Carol McDonald in the posting “The Top 10 Web Application Security Vulnerabilities Starting with XSS.” McDonald ...
    3 weeks ago
  • Site News: Blast from the Past - One Year Ago in PHP


    Computer & Internet - computer-internet.marc8.com (Authority: 168)
    Here's what was popular in the PHP community one year ago today: Sameer's Blog: Simple Pagination in PHP tutorial Stoyan Stefanov's Blog: Best open-source PHP CMS 2008 ProDevTips.com: PHP Doctrine - adding automatic, simple CRUD Rob Allen's Blog: Using Action Helpers in Zend Framework Bradley Holt's Blog: ...
    3 weeks ago
  • WILS: Three Ways To Better Utilize Resources In Any Data Center


    Lori MacVittie (Authority: 524)
    Cloud computing is, at its core, about using resources in the most operational and financially efficient manner possible. It’s about spreading resources around and sharing them to achieve greater scalability with fewer investments in hardware and software. But what if you aren’t moving to cloud? Or virtualization? ...
    3 weeks ago
  • Web Application Security Consortium (WASC) 2008 Statistics Published


    Darknet - The Darkside (Authority: 465)
    The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability ...
    4 weeks ago
