Webappsec->General

E313765e3bec84b2852c1c758f7244b6

Ask The Experts: Online Banking

October 24, 2012 Added by:Brent Huston

Instead of using your actual name as your login, why not use something different that is hard to guess and doesn’t reveal anything about your identity? It always pays to make it as tough on the cyber-criminals as possible..

Comments  (0)

A1f4c2dd4be7f118911ec4e0df35aab1

Believe It or Not, DevOps and Infosec Are a Perfect Culture Match

October 14, 2012 Added by:Gene Kim

By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...

Comments  (0)

32137b352537f11c1efe063869f00e0e

Java, Flash, and the Choice of Usability Over Security

September 10, 2012 Added by:Le Grecs

Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Securing Your Application Perimeter: Getting Results

September 08, 2012 Added by:Fergal Glynn

What applications should you be testing? Just because the discovery process identifies 300 web applications doesn’t mean that you’d want to test the 30 that clearly should be decommissioned...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Google Wallet: Please Tell Me They’re Joking...

September 08, 2012 Added by:Joel Harding

No computer in the world is safe from a determined hacker. Most of us don’t properly secure our computer, our smart phone, or even our wallets. So how in the heck does storing your credit and debit card information “in the cloud” help you secure your already vulnerable information?

Comments  (1)

01ceb9281b3fb3dbb90c3efbe327717e

eVoting Gets Real

September 03, 2012 Added by:Alan Woodward

Having written about the characteristics of reliable e-voting systems in Scientific American recently it is interesting to see that officials are now working hard to implement it.

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Three Domains Seized for Distributing Pirated Android Apps

August 27, 2012 Added by:Headlines

“Software apps have become an increasingly essential part of our nation’s economy and creative culture, and the Criminal Division is committed to working with our law enforcement partners to protect the creators of these apps and other forms of intellectual property from those who seek to steal it..."

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

The Seven Qualities of Highly Secure Software

August 23, 2012 Added by:Ben Rothke

Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...

Comments  (0)

44fa7dab2a22dc03b6a1de4a35b7834a

A Day Without COBOL: The Crucial Role it Plays

August 21, 2012 Added by:Bill Gerneglia

Those who have labeled COBOL ‘a dying language’ should reconsider. With COBOL supporting the majority of the world’s businesses, it is impossible to dispute its viability in the enterprise. It remains a cornerstone of business-critical applications and has successfully navigated through each computing generation...

Comments  (0)

812d096e189ecbac061ebfe343f91e1e

To “Open Source” or “Not to Open Source”

July 27, 2012 Added by:Andrew Sanicola

Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Broken Logic: Avoiding the Test Site Fallacy

July 25, 2012 Added by:Fergal Glynn

Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gage the effectiveness of a scanner by only looking at the results from scanning these public test sites...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Software Security Assurance: Figuring Out the Developers

July 18, 2012 Added by:Rafal Los

From organizations that don't care about the security of their applications to to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Coders Rights at Risk in the European Parliament

July 18, 2012 Added by:Electronic Frontier Foundation

By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

Web Application Firewalls: There is No Spoon

July 12, 2012 Added by:Wendy Nather

I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Detecting Unknown Application Vulnerabilities "In Flight"

July 10, 2012 Added by:Rafal Los

While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »