Webappsec->General

F6bae6ee0c7dfe5b62860cc8ebf311fe

User Education - A Light Hearted Anicdote

December 11, 2009 Added by:John England

I had just been reading the post on Reacting to Security Vulnerabilities, and was reading the good usage guide at the bottom, and it made me think of something and chuckle. My partner has a 17 year old daugher, who is typical in running MSN/facebook, torrent clients, and generally no consideration for the type of sites she c...

Comments  (0)

8d04c13e080ecc73656118e7650fbb4c

Facebook Application and Content Creation Privacy

December 04, 2009 Added by:Todd Zebert

While Take Control of your Facebook Security & Privacy Settings (part 1 of this series) provided an overview of Application Privacy, this is a deeper dive and explains how Built-in Apps control some basic functions and default security of Facebook. This is the third in a series, the previous being Facebook Privacy using Friend Lists.

Comments  (1)

8d04c13e080ecc73656118e7650fbb4c

Facebook Privacy using Friend Lists

December 04, 2009 Added by:Todd Zebert

While Facebook’s Privacy settings are a powerful method of controlling who sees what kind of information about you, unless you create and maintain Friend Lists, you are effectively limited to all Friends seeing everything.

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

'Mafia Wars' CEO Brags About Scamming Users from Day One

November 29, 2009 Added by:Infosec Island Admin

I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with the constant broadcast news feed messages. It's one of the more popular Facebook applications and -like most of them- pose a real risk to the players and players friends within the Facebook community.

Comments  (3)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 3)

November 11, 2009 Added by:Stephen Primost

Risk assessments for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 1)

October 26, 2009 Added by:Stephen Primost

With the level of security concerns about security, it is interesting that there is not more concern with a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as to what constitutes an “application problem”. One j...

Comments  (2)

B32b392ce3a707f05f4838c48c67d9cf

Should SSL be enabled on every website?

October 14, 2009 Added by:Christopher Hudel

Using SSL to secure all websites may seem like an odd choice; most websites contain no "nuggets" worth taking, SSL apparently slows the page load time (especially on over provisioned hosting platforms), and it's not clear if doing so will kibosh any search engine optimizations. 

Comments  (10)

39b6d5c1d3c6db11155b975f1b08059f

Anti-Social Networking Sites: Part 2

October 09, 2009 Added by:Ron Lepofsky

Since the last blog there has been a steady stream of news about more security threats originating at web sites, particularly from social networking sites.  Profit motive appears to be the primary intent of the threats.  The methodology is committing identity theft for profit.   Below are a sample of four  web based news articles to which I refer:

Comments  (0)

39b6d5c1d3c6db11155b975f1b08059f

Anti-Social Networking Sites

October 09, 2009 Added by:Ron Lepofsky

Over the last two weeks security news reports identify social networking sites as distribution points for malware of all sorts and flavours and as botnets for distributing more of the same.  In addition, site users seem enthusiastic to reveal personal information to those who would gladly accept the information for purposes of identity theft

Comments  (1)

B426b30042abbc15e363cb679bbc937d

Facebook’s Faith: A New Scareware Attack

October 01, 2009 Added by:Daniel Kennedy

On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to the a web site that displays scareware dialogs: netmedtest.com/index.php?a...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

Federal Web sites knocked out by cyber attack

July 08, 2009 Added by:Infosec Island Admin

According to an article by the Assoiated Press, and subsequently the Washington Post, several Government agencies in the US and South Korea were under attack by roughly 60,000 infected PCs across the globe.

Comments  (0)

Page « < 22 - 23 - 24 - 25 - 26 > »