Blog Posts Tagged with "Web Application Security"
Web Application Security - Real or Imagined?
May 17, 2011 Added by:Bill Gerneglia
Once a user accesses your databases through a web application, your control over the user's actions diminishes. A malicious user can "craft" inputs into their browser that allow them to do things other than what you want them to do. Security is a real concern in such a situation...
Comments (0)
Web Application Security: Can Developers Learn Secure Coding?
April 25, 2011 Added by:kapil assudani
With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...
Comments (0)
Defending Web Apps Against Overwhelming Odds
April 24, 2011 Added by:Rafal Los
We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?
Comments (0)
Let’s Go with the Web Application Scan... It's Cheaper
April 21, 2011 Added by:Gary McCully
Many times, when choosing a Web Application Assessment, a company will choose the cheapest Assessment available without understanding the Pros and Cons of each Web Application Security Assessment. It is important to realize the fact that the cheapest option is not always the best option...
Comments (0)
Web Application Security: Minimizing the Risk of Attacks
April 19, 2011 Added by:Sasha Nunke
Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...
Comments (0)
Sophos Shames Facebook over Lax Security
April 18, 2011 Added by:Headlines
"Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences. A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’..."
Comments (0)
Webapp Scanner Review: Acunetix Versus Netsparker
April 11, 2011 Added by:Mark Baldwin
Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...
Comments (5)
Cyber Criminals Target Online Gambling Sites
March 22, 2011 Added by:Robert Siciliano
As more people turn to online poker, bingo, sportsbooks, and betting sites, cyber criminals are developing more ways to take advantage. Financial fraud such as chargebacks and money laundering are major issues for gambling operators, not to mention player collusion and bonus abuse...
Comments (0)
The Web Application Security "White Elephants"
March 20, 2011 Added by:Rafal Los
We were both talking about things that aren't necessarily new to the security or app-dev community, but aren't being actively addressed. It hit me that there were two big white elephants in the room, and we happened to be talking about them in an open forum.. Finally...
Comments (0)
Financial Trojans: Following the Money
March 16, 2011 Added by:Simon Heron
The malware is able to wait until the victim has successfully logged on to their bank before inserting itself between the browser and the bank’s website and then invisibly transferring money to some individual who believes they are working for a legitimate company...
Comments (8)
Cross-Site Scripting in the Wild Exploiting Your Droid
March 16, 2011 Added by:Rafal Los
You've got mobile devices now like the iPhone, the 'Droids, the RIM devices, Windows7 handsets and of course WebOS-based devices too. Guess where all the 'apps' and updates come from? Guess what the #1 used transport protocol is on those devices? HTTP...
Comments (0)
Real-Life Example of a 'Business Logic Defect'
March 13, 2011 Added by:Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
Comments (0)
Web Application Security for Dummies
March 09, 2011 Added by:Sasha Nunke
Web application security may seem like a complex, daunting task. This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner...
Comments (0)
Report: Websites Remain Vulnerable to Attacks
March 09, 2011 Added by:Headlines
The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...
Comments (0)
Web App's Public Enemy Number 1: SQL Injection
February 25, 2011 Added by:Rafal Los
It can't be that there isn't enough technology to find SQL Injection in your code... static analysis, dynamic analysis, home-brew scripts, IDE plug-ins, and literally hundreds of ways to identify SQL Injection in your code. So the problem can't be that we don't know how to find it...
Comments (0)
Configuring Web 2.0 Applications to be Friendly But Secure
February 25, 2011 Added by:Danny Lieberman
In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...
Comments (0)