web application security
Tag details
Welcome to the 'web application security' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'web application security'.
Latest blogosphere posts tagged “web application security”
-
Session/Cookie alone does not secure your web application – CSRF
Programming Ideas, Logics, Tips and Tricks —
Authority: 114
Guess what will happen if you add an image like below in your HTML page: it does not appear in the page, but your Google account in another window or another tab will get logged off. Now an external website could log you out of your Gmail or Orkut. If you coded your website to delete a photo or object from the ...3 days ago -
When Is More Important Than Where in Web Application Security
Lori MacVittie —
Authority: 564
While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research has discovered (yet) another method of exploitation that allows ...1 week ago -
Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)
Darknet - The Darkside —
Authority: 465
It’s been a while since I’ve seen a tool of this type, back in the heyday of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag. Binging is a simple tool to query Bing search engine. It will use your Bing API key [...] ...1 week ago -
Twitter Account Lockouts Continue to Plague Users
Lori MacVittie —
Authority: 564
Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search for “locked out” returns thousands of tweets with a good ...1 week ago -
Discovering Dangerous Business Application Vulnerabilities
Online Security Authority —
Authority: 129
Enterprise security consultants may spend their days at mid-size or large organizations; they may perform their assignments from anywhere in the world. Nevertheless, they possess a common assignment: to better manage the risks related to their organizational infrastructure. More and more, corporate Web application ...2 weeks ago -
Top 10 Web Application Security Vulnerabilities
System News for Sun Users - The Blog —
Authority: 136
Get Help from Open Web Application Security Project’s WebGoat The Open Web Application Security Project (OWASP) has identified the most critical web application security vulnerabilities, writes blogger Carol McDonald in the posting “The Top 10 Web Application Security Vulnerabilities Starting with XSS.” McDonald ...2 weeks ago -
Site News: Blast from the Past - One Year Ago in PHP
Computer & Internet - computer-internet.marc8.com —
Authority: 164
Here's what was popular in the PHP community one year ago today: Sameer's Blog: Simple Pagination in PHP tutorial Stoyan Stefanov's Blog: Best open-source PHP CMS 2008 ProDevTips.com: PHP Doctrine - adding automatic, simple CRUD Rob Allen's Blog: Using Action Helpers in Zend Framework Bradley Holt's Blog: ...2 weeks ago -
WILS: Three Ways To Better Utilize Resources In Any Data Center
Lori MacVittie —
Authority: 564
Cloud computing is, at its core, about using resources in the most operational and financially efficient manner possible. It’s about spreading resources around and sharing them to achieve greater scalability with fewer investments in hardware and software. But what if you aren’t moving to cloud? Or virtualization? ...2 weeks ago -
Web Application Security Consortium (WASC) 2008 Statistics Published
Darknet - The Darkside —
Authority: 465
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability ...3 weeks ago -
Nikto 2.1.0 Released – Web Server Security Scanning Tool
Darknet - The Darkside —
Authority: 465
It’s been almost 2 years since the last update on Nikto, which was version 2. For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and ...3 weeks ago -
PILOT: Production in lieu of testing (AgoraCart FAIL)
HolisticInfoSec.org —
Authority: 103
SUBTITLE: "I won't test, and you can't make me!" SUBSUBTITLE: "I can't test what I obviously don't understand, and don't care to." So often code goes live (or stays live) just as defined in this post's title: production in lieu of testing. Put this thinking together with vendor/developers who clearly don't understand ...3 weeks ago -
Identifying Critical Business Application Exposures
Get Credit Cards —
Authority: 155
Mid-level business managers may pass their days working at mid-size or large enterprises; they may perform their assignments from anywhere in the country. By any means, they are tasked with a common goal: to better manage the risks associated with their business infrastructure. With each passing year, business Web ...3 weeks ago -
The Truth About Regulatory Compliance
Information Security Resources —
Authority: 499
By Steven Fox, Founder of SecureLexicon This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. Regulatory compliance was cited as a driver for ...3 weeks ago -
PANEL: Sun Tzu and the InfoSec Battlefield
Information Security Resources —
Authority: 499
By Steven Fox, Founder of SecureLexicon Dallas, TX - The SecureWorld Expo will host the Sun Tzu and The Art of Information Security panel at the Plano Convention Centre from 3 to 4pm on Wednesday, November 4, 2009 in the Keynote Theater. Sun Tzu’s The Art of War is considered a fundamental text on ...4 weeks ago -
Automated Security Testing - Can't I Just Point-n-Click? (Part 1)
Following the White Rabbit Blog —
Authority:
I've been witness to an interesting phenomenon. Several otherwise rational folks - customers, prospective customers, and pundits alike - have posed the question to me now over the last several months. I've been thinking a lot about the topic and have some thoughts I think it's time I share. The question for ...4 weeks ago -
Putting a Price on Uptime
Lori MacVittie —
Authority: 564
A lack of ability in the cloud to distinguish illegitimate from legitimate requests could lead to unanticipated costs in the wake of an attack. How do you put a price on uptime and more importantly, who should pay for it? A “Perfect Cloud”, in my opinion, would be one in which the cloud provider’s ...4 weeks ago -
Free Web application security testing tools you need to get to know
TuVinhSoft .,JSC —
Authority: 433
I’ve always touted the fact that you need good tools to get good security testing results. By and large, I’ve found that commercial products tend to provide better results than their freeware and open source counterparts. This seems to be especially important when testing Web applications. That said, I know budget ...4 weeks ago -
Web Application Security - How To Minimize Prevalent Risk Of Attacks
IT Professionals —
Authority: 484
Vulnerabilities in Web applications are now the largest vector of enterprise security attacks. Stories about exploits that compromise sensitive data frequently mention culprits such as “cross-site scripting,” “SQL injection,” and “buffer overflow.” Vulnerabilities like these fall often outside the ...4 weeks ago -
Black Hat: Articulating the Value of Security
Information Security Resources —
Authority: 499
By Steven Fox, Founder of SecureLexicon This is the second part (Part One) of my Black Hat interview with Barmak Meftah, Sr. VP, Products & Services at Fortify. In this installment, Mr. Meftah discusses ways to evangelize security. How do we market security? The cyber-bullies among us might ...4 weeks ago