web application security

Tag details

Welcome to the 'web application security' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'web application security'.


Latest blogosphere posts tagged “web application security”

  • REI: vulnerability remediation done wrong


    HolisticInfoSec.org (Authority: 113)
    Part 2 of 2 of Vulnerability remediation done * It makes me sad to use REI as another example of the wrong way to manage vulnerability disclosure; I am a member who is fond of their stores and products. I will not name names or blather on about negligence. Rather, I will let the facts simply speak for ...
    4 days ago
  • Pligg pluggs holes: vulnerability remediation done right


    HolisticInfoSec.org (Authority: 113)
    Part 1 of 2 of Vulnerability remediation done * Often, when I disclose web application vulnerabilities to Secunia, who in turn works with vendors to drive mitigation and remediation, we are met with vendors who don't reply, don't care, or don't fix. Yet, once in a rare while a vendor chooses the righteous ...
    4 days ago
  • Fun with fake Flash: an Abode update you don't want


    HolisticInfoSec.org (Authority: 113)
    Jericho of Attrition.org (support the Open Security Foundation!) recently asked the VIM mailing list a question: Adobe Flash - vuln or just "design"? The question, inspired by Mike Bailey's work for Foreground Security, leads to healthy debate, including press and vendor response. But, ironically the same day ...
    1 week ago
  • The Application Delivery Spell Book: Detect Invisible (Application) Stalkers


    Lori MacVittie (Authority: 491)
    The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or to cast this spell over your infrastructure Detect Invisible (Application) Stalkers ...
    1 week ago
  • WARNING: Security Device Enclosed


    Lori MacVittie (Authority: 491)
    If you aren’t using all the security tools at your disposal you’re doing it wrong. How many times have you seen an employee wave on by a customer when the “security device enclosed” in some item – be it DVD, CD, or clothing – sets off the alarm at the doors? Just a few weeks ago I heard one young ...
    2 weeks ago
  • Google SPDY Protocol Would Require Mass Change in Infrastructure


    Lori MacVittie (Authority: 491)
    Google’s desire to speed up the web via a new protocol is laudable, but the SPDY protocol would require massive changes across networks to support. ArsTechnica had an interesting article on one of Google’s latest projects, a new web protocol designed to replace HTTP called SPDY. SPDY uses a ...
    2 weeks ago
  • Data as a Service Could Drastically Impact Success of SQL Injection Attacks


    Lori MacVittie (Authority: 491)
    The question is whether that impact is positive (a reduction) or negative (an increase). One of the biggest threats to data integrity is the introduction of malicious content via SQLi (SQL Injection) attacks. Traditional database access methods don’t provide a lot in the way of validating requests and like HTML ...
    2 weeks ago
  • Pending book review: ModSecurity 2.5


    HolisticInfoSec.org (Authority: 113)
    Packt Publishing, a UK-based publishing firm specializing in focused IT books, has asked me to review Magnus Mischel's ModSecurity 2.5. Having recently discussed monitoring ModSecurity with OSSEC, I'm looking forward to reading this book. I've been a ModSecurity fan since incorporating it in a secure server ...
    2 weeks ago
  • Session/Cookie alone does not secure your web application – CSRF


    Programming Ideas, Logics, Tips and Tricks (Authority: 118)
    Guess what will happen if you add an image like below in your HTML page: It does not appear in the page, but your Google account in another window or another tab will get logged off. Now an external website could log you out from your Gmail or Orkut. If you coded your website to delete a photo or object from the ...
    3 weeks ago
  • Sucuri NBIM: website integrity monitoring for free


    HolisticInfoSec.org (Authority: 113)
    Here's a nice freebie you might like as part of your website monitoring arsenal. I signed up with Sucuri for their NBIM (network based integrity monitoring) service to help keep an eye on holisticinfosec.org, and have been very satisfied with this free offering (sometimes you get more than what you pay for). As an ...
    3 weeks ago
  • When Is More Important Than Where in Web Application Security


    Lori MacVittie (Authority: 491)
    While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research has discovered (yet) another method of exploitation that allows ...
    4 weeks ago
  • Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)


    Darknet - The Darkside (Authority: 459)
    It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag. Binging is a simple tool to query Bing search engine. It will use your Bing API key [...] ...
    4 weeks ago
  • Twitter Account Lockouts Continue to Plague Users


    Lori MacVittie (Authority: 491)
    Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight. At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search for “locked out” returns thousands of tweets with a good ...
    4 weeks ago
  • Discovering Dangerous Business Application Vulnerabilities


    Online Security Authority (Authority: 428)
    Enterprise security consultants may spend their days at mid-size or large organizations; they may perform their assignments from anywhere in the world. Nevertheless, they possess a common assignment: to better manage the risks related to their organizational infrastructure. More and more, corporate Web application ...
    5 weeks ago
  • Top 10 Web Application Security Vulnerabilities


    System News for Sun Users - The Blog (Authority: 138)
    Get Help from Open Web Application Security Project’s WebGoat The Open Web Application Security Project (OWASP) has identified the most critical web application security vulnerabilities, writes blogger Carol McDonald in the posting “The Top 10 Web Application Security Vulnerabilities Starting with XSS.” McDonald ...
    5 weeks ago
  • Site News: Blast from the Past - One Year Ago in PHP


    Computer & Internet - computer-internet.marc8.com (Authority: 169)
    Here's what was popular in the PHP community one year ago today: Sameer's Blog: Simple Pagination in PHP tutorial; Stoyan Stefanov's Blog: Best open-source PHP CMS 2008; ProDevTips.com: PHP Doctrine - adding automatic, simple CRUD; Rob Allen's Blog: Using Action Helpers in Zend Framework; Bradley Holt's Blog: ...
    5 weeks ago
  • WILS: Three Ways To Better Utilize Resources In Any Data Center


    Lori MacVittie (Authority: 491)
    Cloud computing is, at its core, about using resources in the most operational and financially efficient manner possible. It’s about spreading resources around and sharing them to achieve greater scalability with fewer investments in hardware and software. But what if you aren’t moving to cloud? Or virtualization? ...
    5 weeks ago
  • Web Application Security Consortium (WASC) 2008 Statistics Published


    Darknet - The Darkside (Authority: 459)
    The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability ...
    5 weeks ago
