Blog Posts Tagged with "Web Application Security"
April 25, 2011 Added by:kapil assudani
With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...
April 24, 2011 Added by:Rafal Los
We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?
April 21, 2011 Added by:Gary McCully
Many times, when choosing a Web Application Assessment, a company will choose the cheapest Assessment available without understanding the Pros and Cons of each Web Application Security Assessment. It is important to realize the fact that the cheapest option is not always the best option...
April 19, 2011 Added by:Sasha Nunke
Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...
April 18, 2011 Added by:Headlines
"Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences. A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’..."
April 11, 2011 Added by:Mark Baldwin
Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...
March 22, 2011 Added by:Robert Siciliano
As more people turn to online poker, bingo, sportsbooks, and betting sites, cyber criminals are developing more ways to take advantage. Financial fraud such as chargebacks and money laundering are major issues for gambling operators, not to mention player collusion and bonus abuse...
March 20, 2011 Added by:Rafal Los
We were both talking about things that aren't necessarily new to the security or app-dev community, but aren't being actively addressed. It hit me that there were two big white elephants in the room, and we happened to be talking about them in an open forum.. Finally...
March 16, 2011 Added by:Simon Heron
The malware is able to wait until the victim has successfully logged on to their bank before inserting itself between the browser and the bank’s website and then invisibly transferring money to some individual who believes they are working for a legitimate company...
March 16, 2011 Added by:Rafal Los
You've got mobile devices now like the iPhone, the 'Droids, the RIM devices, Windows7 handsets and of course WebOS-based devices too. Guess where all the 'apps' and updates come from? Guess what the #1 used transport protocol is on those devices? HTTP...
March 13, 2011 Added by:Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
March 09, 2011 Added by:Sasha Nunke
Web application security may seem like a complex, daunting task. This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner...
March 09, 2011 Added by:Headlines
The study looked at the both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...
February 25, 2011 Added by:Rafal Los
It can't be that there isn't enough technology to find SQL Injection in your code... static analysis, dynamic analysis, home-brew scripts, IDE plug-ins, and literally hundreds of ways to identify SQL Injection in your code. So the problem can't be that we don't know how to find it...
February 25, 2011 Added by:Danny Lieberman
In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...
February 21, 2011 Added by:Andy Willingham
Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015