Blog Posts Tagged with "Application Security"


Pwning Networks Through Vulnerable Applications

December 08, 2014 Added by:Saurabh Harit

If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications.

Comments  (0)


PHP and Application Security

June 10, 2013 Added by:Lee Mangold

The low barrier-of-entry for PHP allows inexperienced developers act like engineers and publish insecure code. These developers may be developing useful stuff, but they simply don't understand security.

Comments  (0)


Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (14)


Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by:Rohit Sethi

The latest Rails security flaw is example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.

Comments  (0)


Power to the People and the Coming AppSec Revolution

January 24, 2013 Added by:Fergal Glynn

It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...

Comments  (0)


California AG Releases Mobile App Guidelines; Industry Responds

January 24, 2013 Added by:David Navetta

The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines...

Comments  (1)


Cloud App Integration: Incredibly Important, But Also Problematic

January 22, 2013 Added by:Ben Kepes

As we move into the cloud-dominated world, the issue of integration is more prominent as enterprises realize how many different systems are being used throughout their organizations. While one of the best things about cloud is the democratization of technology, this is also one of the most problematic areas...

Comments  (1)


Mobile App Security Series: It’s 10pm. Do you know where your data is?

January 16, 2013 Added by:Brandon Knight

Mobile devices continue to pick up steam on becoming the primary device that many people use for email, web browsing, social media and even shopping. As we continue installing app after app which we then put our personal information in to the question is how secure are these apps?

Comments  (0)


Who is Responsible for Application Security? Development or Security?

January 10, 2013 Added by:Matt Neely

During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...

Comments  (1)


Bad Piggies, Graffiti and the IRT

December 21, 2012 Added by:Fergal Glynn

Chrome users have almost no way of evaluating the trustworthiness of Chrome extension publishers because Google doesn’t have any reputation ranking system, nor does it review applications and extensions before they’re published...

Comments  (0)


The Four Horsemen of the Cyber-Apocalypse: Security Software FUD

December 15, 2012 Added by:Tripwire Inc

Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood...

Comments  (1)


Software is Eating the World, And APIs are the Fuel For That

November 13, 2012 Added by:Ben Kepes

The cloud brings a level of agility that allows organization to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...

Comments  (0)


The secrets of incorporating security into functional testing

November 11, 2012 Added by:Rafal Los

Whether you agree with that or not, my proposal is that with the right tools it can be done. More than just the right tools, with tools that appropriately match the use-case of the functional tester... so I've started collecting a list of things functional testers would require to add in the security...

Comments  (0)


New Mobile Security App for Android Smartphones

September 27, 2012 Added by:Robert Siciliano

As more online retailers introduce mobile e-commerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application...

Comments  (1)


Three Keys to Managing Firewalls for Better Security

September 25, 2012 Added by:Richard Stiennon

The that firewalls do not provide value had its first incarnation in de-perimeterization. The idea is that because network security is so hard we should give up and focus on securing the endpoints and data that travels between them. In reality we have to defend four separate domains...

Comments  (1)


Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »