Web App Security
July 18, 2012 Added by: Electronic Frontier Foundation
By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...
July 16, 2012 Added by: Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
July 13, 2012 Added by: Electronic Frontier Foundation
Efforts to break the partisan stalemate over the Cybersecurity Act, a bill that would allow Internet companies to monitor the communications of users and pass that data to the government without any judicial oversight, have backers of the bill attempting to drum up fears about catastrophic cyberattacks...
July 12, 2012 Added by: Electronic Frontier Foundation
A controversial, anti-privacy data retention mandate is notably absent from the child protection bill recently introduced by Rep. Lamar Smith. Smith had previously introduced H.R. 1981, which would have mandated that ISPs collect and maintain data on Internet users not suspected of any crime...
July 12, 2012 Added by: Wendy Nather
I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...
July 10, 2012 Added by: Headlines
"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."
July 10, 2012 Added by: Rafal Los
While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker...
July 09, 2012 Added by: Robert Siciliano
It’s no longer possible to deny that your life in the physical world and your digital life are one and the same. While you are present here on the ground, you also exist online, whether you know it or like it or not. Coming to terms with this reality will help you make better decisions in many aspects of your life...
July 08, 2012 Added by: Allan Pratt, MBA
It should come as no surprise that businesses are taking advantage of the public’s fascination with placing their day-to-day activities on social networking sites. This may seem inappropriate and offensive, and it might be – but for the moment, it’s not illegal. We have only ourselves to blame...
July 05, 2012 Added by: Scott Thomas
Privacy is a huge issue to most of us in the infosec community. Where this hits home though is when you're contemplating making a career move. You want the industry to know that you're considering your choices, but you don't want "the wrong people" to know (read: your current employer)...
July 04, 2012 Added by: Theresa Payton
We have mentioned before that Twitter will send every tweet to the National Archives and the Library of Congress, so watch what you tweet. Now new tools unleash a trove of data in moments. For the 140 million and growing user base that tweets over 400 million tweets per day, this might be a little more than alarming...
July 02, 2012 Added by: Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
June 28, 2012 Added by: gaToMaLo r. amores
For anonymous transactions to be possible through Bitcoin, a mixing system must be used. There are two types: Those secure against attack from people viewing the public transaction like Bitcoin Laundry, and those secure against attack from the mixing system itself, like Open Transactions...
June 28, 2012 Added by: Pierluigi Paganini
Anonymizing services are based on the concept of distribution of routing information during a transmission. The path between a source and a destination is not known in advance, and every node of the network manages minimal information to route the packets to the next hop without preserving a history of the path...
June 28, 2012 Added by: Headlines
“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce),” the researchers stated...
June 28, 2012 Added by: Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...