Webappsec->General


Security Advisor Alliance, A Nonprofit of Elite CISOs giving back to the community.

November 12, 2013 Added by: Jason Clark

Security Advisor Alliance is a nonprofit group of top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.


Why Manual Testing is Worth the Extra Buck: Weighing the Pros & Cons

November 12, 2013 Added by: Rohit Sethi

Businesses often ask for guidance on whether they need to do a manual penetration test for a specific application or if automated testing suffices. Here I try to briefly describe some of the advantages and disadvantages of each method and explain our preferred approach.


Security Training Program – Fixed or Customized?

November 07, 2013 Added by: Rohit Sethi

Vishal Asthana takes a closer look at key questions to ask when implementing a software developer security training program.


OWASP Vulnerability Deep Dive: CSRF

October 30, 2013 Added by: Kyle Adams

While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.


Can Software Security Requirements Yield Faster Time to Market?

October 17, 2013 Added by: Rohit Sethi

Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.


Leaked Data and Credentials: Cracked Web Applications

September 25, 2013 Added by: InfoSec Institute

Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.


Why Remediating Assessment Results Might be Harmful to Your Business

September 11, 2013 Added by: Rohit Sethi

Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.


The Three Patterns of Software Development for SDLC Security

August 30, 2013 Added by: Rohit Sethi

A one-size-fits-all approach to Software Development Life Cycle (SDLC) security doesn’t work. Practitioners often find that development teams all have different processes – many seem like they are special snowflakes, rejecting a single SDLC security program.


Cyber Security and Terrorism – See Something, Say Something

August 08, 2013 Added by: Jon Stout

The existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.


Cyber Security – Is Offensive Cyber Security Necessary?

July 31, 2013 Added by: Jon Stout

The country is at war and it is a cyber security war. The enemies are many, diverse and competent and fighting a defensive war is not the best way to win. Cyber security war is like any other war: taking the offensive will improve your chances of success. Like any other war, the cyber security war requires proper planning for success and a total winning strategy. Half-hearted measures will not ...


Top Secret SCI Jobs - The Value of Smaller Contractors

July 30, 2013 Added by: Jon Stout

You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes, even incumbents are suddenly “on the bench” or “between projects” or “on overhead”. You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.


Why SQL Injection Still Plagues Us

July 23, 2013 Added by: Dan Kuykendall

Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.


Cyber Attacks the Reality, the Reason and the Resolution Part 3

June 24, 2013 Added by: Larry Karisny

Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.


PHP and Application Security

June 10, 2013 Added by: Lee Mangold

The low barrier-of-entry for PHP allows inexperienced developers to act like engineers and publish insecure code. These developers may be developing useful stuff, but they simply don't understand security.


Steps Toward Weaponizing the Android Platform

May 13, 2013 Added by: Kyle Young

In this article I will be covering ways that one can turn their Android-based device into a powerful pocket-sized penetration testing tool.


Infographic: Keeping Web Applications Safe

May 09, 2013 Added by: Mike Lennon

Continuing the security industry trend of publishing infographics, the folks at Enterprise Strategy Group published an infographic that illustrates some of the challenges associated with web application security.
