application security
Tag details
Welcome to the 'application security' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'application security'.
Latest blogosphere posts tagged “application security”
XFILES (Part 3) – The APEX Look and Feel
blog.gralike.com —
Authority: 415
Had my adventures today. Most of the packages are compiled and the XDB utility packages are in place (will come back on those in a later post). Apparently as said before, Mark has added some extra new functionality “Application Security” for use with APEX. This almost locked me out today after bringing into place ...1 day ago -
Static Analysis: How Important is Accuracy?
Security and Risk Management Strategies Blog —
Authority: 110
Software security - or application security, if you prefer - is (to no surprise, I'm sure) a significant ongoing research topic for us. Most recently I completed two documents on static software security analysis, which should publish in the coming 90 days. Talking to users and vendors many important aspects of the ...2 days ago -
TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting
Lori MacVittie —
Authority: 577
Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our own DevCentral members was out implementing a solution. ...3 days ago -
When Is More Important Than Where in Web Application Security
Lori MacVittie —
Authority: 577
While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research has discovered (yet) another method of exploitation that allows ...3 days ago -
Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)
Darknet - The Darkside —
Authority: 465
It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag. Binging is a simple tool to query Bing search engine. It will use your Bing API key [...] ...3 days ago -
Twitter Account Lockouts Continue to Plague Users
Lori MacVittie —
Authority: 577
Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight. At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search for “locked out” returns thousands of tweets with a good ...4 days ago -
Discovering Dangerous Business Application Vulnerabilities
Online Security Authority —
Authority: 130
Enterprise security consultants may spend their days at mid-size or large organizations; they may perform their assignments from anywhere in the world. Nevertheless, they possess a common assignment: to better manage the risks related to their organizational infrastructure. More and more, corporate Web application ...1 week ago -
Top 10 Web Application Security Vulnerabilities
System News for Sun Users - The Blog —
Authority: 136
Get Help from Open Web Application Security Project’s WebGoat. The Open Web Application Security Project (OWASP) has identified the most critical web application security vulnerabilities, writes blogger Carol McDonald in the posting “The Top 10 Web Application Security Vulnerabilities Starting with XSS.” McDonald ...1 week ago -
Site News: Blast from the Past - One Year Ago in PHP
Computer & Internet - computer-internet.marc8.com —
Authority: 461
Here's what was popular in the PHP community one year ago today: Sameer's Blog: Simple Pagination in PHP tutorial; Stoyan Stefanov's Blog: Best open-source PHP CMS 2008; ProDevTips.com: PHP Doctrine - adding automatic, simple CRUD; Rob Allen's Blog: Using Action Helpers in Zend Framework; Bradley Holt's Blog: ...1 week ago -
WILS: Three Ways To Better Utilize Resources In Any Data Center
Lori MacVittie —
Authority: 577
Cloud computing is, at its core, about using resources in the most operational and financially efficient manner possible. It’s about spreading resources around and sharing them to achieve greater scalability with fewer investments in hardware and software. But what if you aren’t moving to cloud? Or virtualization? ...1 week ago -
Web Application Security Consortium (WASC) 2008 Statistics Published
Darknet - The Darkside —
Authority: 465
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability ...2 weeks ago -
Nikto 2.1.0 Released – Web Server Security Scanning Tool
Darknet - The Darkside —
Authority: 465
It’s been almost 2 years since the last update on Nikto, which was version 2. For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and ...2 weeks ago -
PILOT: Production in lieu of testing (AgoraCart FAIL)
HolisticInfoSec.org —
Authority: 106
SUBTITLE: "I won't test, and you can't make me!" SUBSUBTITLE: "I can't test what I obviously don't understand, and don't care to." So often code goes live (or stays live) just as defined in this post's title: production in lieu of testing. Put this thinking together with vendor/developers who clearly don't understand ...2 weeks ago -
Identifying Critical Business Application Exposures
Get Credit Cards —
Authority: 159
Mid-level business managers may pass their days working at mid-size or large enterprises; they may perform their assignments from anywhere in the country. By any means, they are tasked with a common goal: to better manage the risks associated with their business infrastructure. With each passing year, business Web ...2 weeks ago -
White box better than black box
Zero in a bit —
Authority: 91
The WASS Project which Veracode contributed data to shows some nice benefits to White box (static) over Black box (dynamic) for many serious vulnerability categories. White box overall detects a higher prevalence of many categories which we can extrapolate to having lower FN rates. Now the sample set of apps is ...2 weeks ago -
Saved by a Free Anti-Malware Tool
Wild Apricot Blog main feed —
Authority: 535
One click on an innocent-looking email attachment — and as quickly and easily as that, our home-office network was infected with a nasty Trojan. It could have been an expensive disaster, but a great free anti-malware tool made it easy to remove the malicious software myself, without tech support, before any harm was ...2 weeks ago -
Never use dynamic variable names
IT Security —
Authority: 416
How to dynamically name variables is a common subject of programming questions. That’s a great way to create security problems, though. You have all probably seen it — at least, all of you that pay any attention to online discussion of programming. Sometime, somewhere, somebody eventually crops up asking ...2 weeks ago -
The Truth About Regulatory Compliance
Information Security Resources —
Authority: 473
By Steven Fox, Founder of SecureLexicon. This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. Regulatory compliance was cited as a driver for ...3 weeks ago -
Microsoft makes Firefox vulnerable; Mozilla responds
IT Security —
Authority: 416
A months-old Microsoft security faux pas rears its ugly head, and Firefox users pay the price. Earlier this year, Microsoft came up with a way to surreptitiously add a feature to Firefox — and, at the same time, a new way for Firefox to be vulnerable to malicious security crackers. In Microsoft may be ...3 weeks ago -
PANEL: Sun Tzu and the InfoSec Battlefield
Information Security Resources —
Authority: 473
By Steven Fox, Founder of SecureLexicon. Dallas, TX - The SecureWorld Expo will host the Sun Tzu and The Art of Information Security panel at the Plano Convention Centre from 3 to 4pm on Wednesday, November 4, 2009 in the Keynote Theater. Sun Tzu’s The Art of War is considered a fundamental text on ...3 weeks ago