Blog Posts Tagged with "Web Application Security"


Web Application Security: Can Developers Learn Secure Coding?

April 25, 2011 Added by: kapil assudani

With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...

Comments  (0)


Defending Web Apps Against Overwhelming Odds

April 24, 2011 Added by: Rafal Los

We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?

Comments  (0)


Let’s Go with the Web Application Scan... It's Cheaper

April 21, 2011 Added by: Gary McCully

Many times, when choosing a Web Application Assessment, a company will choose the cheapest Assessment available without understanding the Pros and Cons of each Web Application Security Assessment. It is important to realize the fact that the cheapest option is not always the best option...

Comments  (0)


Web Application Security: Minimizing the Risk of Attacks

April 19, 2011 Added by: Sasha Nunke

Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...

Comments  (0)


Sophos Shames Facebook over Lax Security

April 18, 2011 Added by: Headlines

"Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences. A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’..."

Comments  (0)


Webapp Scanner Review: Acunetix Versus Netsparker

April 11, 2011 Added by: Mark Baldwin

Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...

Comments  (5)


Cyber Criminals Target Online Gambling Sites

March 22, 2011 Added by: Robert Siciliano

As more people turn to online poker, bingo, sportsbooks, and betting sites, cyber criminals are developing more ways to take advantage. Financial fraud such as chargebacks and money laundering are major issues for gambling operators, not to mention player collusion and bonus abuse...

Comments  (0)


The Web Application Security "White Elephants"

March 20, 2011 Added by: Rafal Los

We were both talking about things that aren't necessarily new to the security or app-dev community, but aren't being actively addressed. It hit me that there were two big white elephants in the room, and we happened to be talking about them in an open forum... Finally...

Comments  (0)


Financial Trojans: Following the Money

March 16, 2011 Added by: Simon Heron

The malware is able to wait until the victim has successfully logged on to their bank before inserting itself between the browser and the bank’s website and then invisibly transferring money to some individual who believes they are working for a legitimate company...

Comments  (8)


Cross-Site Scripting in the Wild Exploiting Your Droid

March 16, 2011 Added by: Rafal Los

You've got mobile devices now like the iPhone, the 'Droids, the RIM devices, Windows7 handsets and of course WebOS-based devices too. Guess where all the 'apps' and updates come from? Guess what the #1 used transport protocol is on those devices? HTTP...

Comments  (0)


Real-Life Example of a 'Business Logic Defect'

March 13, 2011 Added by: Rafal Los

I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...

Comments  (0)


Web Application Security for Dummies

March 09, 2011 Added by: Sasha Nunke

Web application security may seem like a complex, daunting task. This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner...

Comments  (0)


Report: Websites Remain Vulnerable to Attacks

March 09, 2011 Added by: Headlines

The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...

Comments  (1)


Web App's Public Enemy Number 1: SQL Injection

February 25, 2011 Added by: Rafal Los

It can't be that there isn't enough technology to find SQL Injection in your code... static analysis, dynamic analysis, home-brew scripts, IDE plug-ins, and literally hundreds of ways to identify SQL Injection in your code. So the problem can't be that we don't know how to find it...

Comments  (0)


Configuring Web 2.0 Applications to be Friendly But Secure

February 25, 2011 Added by: Danny Lieberman

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...

Comments  (0)


Why does Web App Security Continue to Stink?

February 21, 2011 Added by: Andy Willingham

Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...

Comments  (1)
