Blog Posts Tagged with "Web Application Security"

Web Application Security - Real or Imagined?

May 17, 2011 Added by:Bill Gerneglia

Once a user accesses your databases through a web application, your control over the user's actions diminishes. A malicious user can "craft" inputs into their browser that allow them to do things other than what you want them to do. Security is a real concern in such a situation...

Comments  (0)

Web Application Security: Can Developers Learn Secure Coding?

April 25, 2011 Added by:kapil assudani

With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...

Comments  (0)

Defending Web Apps Against Overwhelming Odds

April 24, 2011 Added by:Rafal Los

We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?

Comments  (0)

Let’s Go with the Web Application Scan... It's Cheaper

April 21, 2011 Added by:Gary McCully

Many times, when choosing a Web Application Assessment, a company will choose the cheapest Assessment available without understanding the Pros and Cons of each Web Application Security Assessment. It is important to realize the fact that the cheapest option is not always the best option...

Comments  (0)

Web Application Security: Minimizing the Risk of Attacks

April 19, 2011 Added by:Sasha Nunke

Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...

Comments  (0)

Sophos Shames Facebook over Lax Security

April 18, 2011 Added by:Headlines

"Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences. A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’..."

Comments  (0)

Webapp Scanner Review: Acunetix Versus Netsparker

April 11, 2011 Added by:Mark Baldwin

Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...

Comments  (5)

Cyber Criminals Target Online Gambling Sites

March 22, 2011 Added by:Robert Siciliano

As more people turn to online poker, bingo, sportsbooks, and betting sites, cyber criminals are developing more ways to take advantage. Financial fraud such as chargebacks and money laundering are major issues for gambling operators, not to mention player collusion and bonus abuse...

Comments  (0)

The Web Application Security "White Elephants"

March 20, 2011 Added by:Rafal Los

We were both talking about things that aren't necessarily new to the security or app-dev community, but aren't being actively addressed. It hit me that there were two big white elephants in the room, and we happened to be talking about them in an open forum.. Finally...

Comments  (0)

Financial Trojans: Following the Money

March 16, 2011 Added by:Simon Heron

The malware is able to wait until the victim has successfully logged on to their bank before inserting itself between the browser and the bank’s website and then invisibly transferring money to some individual who believes they are working for a legitimate company...

Comments  (8)

Cross-Site Scripting in the Wild Exploiting Your Droid

March 16, 2011 Added by:Rafal Los

You've got mobile devices now like the iPhone, the 'Droids, the RIM devices, Windows7 handsets and of course WebOS-based devices too. Guess where all the 'apps' and updates come from? Guess what the #1 used transport protocol is on those devices? HTTP...

Comments  (0)

Real-Life Example of a 'Business Logic Defect'

March 13, 2011 Added by:Rafal Los

I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...

Comments  (0)

Web Application Security for Dummies

March 09, 2011 Added by:Sasha Nunke

Web application security may seem like a complex, daunting task. This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner...

Comments  (0)

Report: Websites Remain Vulnerable to Attacks

March 09, 2011 Added by:Headlines

The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...

Comments  (0)

Web App's Public Enemy Number 1: SQL Injection

February 25, 2011 Added by:Rafal Los

It can't be that there isn't enough technology to find SQL Injection in your code... static analysis, dynamic analysis, home-brew scripts, IDE plug-ins, and literally hundreds of ways to identify SQL Injection in your code. So the problem can't be that we don't know how to find it...

Comments  (0)

Configuring Web 2.0 Applications to be Friendly But Secure

February 25, 2011 Added by:Danny Lieberman

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...

Comments  (0)
