Web App Security
Coders Rights at Risk in the European Parliament
July 18, 2012 Added by: Electronic Frontier Foundation
By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...
A Step-by-Step Guide for Choosing the Best Scanner
July 16, 2012 Added by: Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
Cybersecurity, Scare Tactics, and Sacrificing Privacy
July 13, 2012 Added by: Electronic Frontier Foundation
Efforts to break the partisan stalemate over the Cybersecurity Act, a bill that would allow Internet companies to monitor the communications of users and pass that data to the government without any judicial oversight, have backers of the bill attempting to drum up fears about catastrophic cyberattacks...
No Data Retention Mandate in Smith’s New Legislation
July 12, 2012 Added by: Electronic Frontier Foundation
A controversial, anti-privacy data retention mandate is notably absent from the child protection bill recently introduced by Rep. Lamar Smith. Smith had previously introduced H.R. 1981, which would have mandated that ISPs collect and maintain data on Internet users not suspected of any crime...
Web Application Firewalls: There is No Spoon
July 12, 2012 Added by: Wendy Nather
I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...
Thousands of Sites Hacked with Plesk Zero Day Exploit
July 10, 2012 Added by: Headlines
"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."
Detecting Unknown Application Vulnerabilities "In Flight"
July 10, 2012 Added by: Rafal Los
While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....
What Does it Take to be Digitally Secure?
July 09, 2012 Added by: Robert Siciliano
It’s no longer possible to deny that your life in the physical world and your digital life are one and the same. While you are present here on the ground, you also exist online, whether you know it or like it or not. Coming to terms with this reality will help you make better decisions in many aspects of your life...
Should Businesses Be Able to Google Customers?
July 08, 2012 Added by: Allan Pratt, MBA
It should come as no surprise that businesses are taking advantage of the public’s fascination of placing their day-to-day activities on social networking sites. This may seem inappropriate and offensive, and it might be – but for the moment, it’s not illegal. We have only ourselves to blame...
Is Privacy Worth the Loss of Opportunity?
July 05, 2012 Added by: Scott Thomas
Privacy is a huge issue to most of us in the infosec community. Where this hits home though is when you're contemplating making a career move. You want the industry to know that you're considering your choices, but you don't want "the wrong people" to know (read: your current employer)...
I Know What You Tweeted Last Summer...
July 04, 2012 Added by: Theresa Payton
We have mentioned before that Twitter will send every tweet to the National Archives and the Library of Congress, so watch what you tweet. Now new tools unleash a trove of data in moments. For the 140 million and growing user base that tweets over 400 million tweets per day, this might be a little more than alarming...
Despite Breach Trends - Website Vulnerabilities Decrease
July 02, 2012 Added by: Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
Cyber Crime: Government vs. Bitcoin Anonymity
June 28, 2012 Added by: gaToMaLo r. amores
For anonymous transactions to be possible through Bitcoin, a mixing system must be used. There are two types: Those secure against attack from people viewing the public transaction like Bitcoin Laundry, and those secure against attack from the mixing system itself, like Open Transactions...
The Right to Internet Anonymity and Legal Implications
June 28, 2012 Added by: Pierluigi Paganini
Anonymizing services are based on the concept of distribution of routing information during a transmission. It is not known prior the path between a source and destination, and every node of the network manages minimal information to route the packets to the next hop without preserving history of the path...
KeePass Vulnerability Exposes Password Lists
June 28, 2012 Added by: Headlines
“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce),” the researchers stated...
Five Reasons Why You Need an Application Security Program
June 28, 2012 Added by: Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...




