Items Tagged with "Application Security"


959779642e6e758563e80b5d83150a9f

Applications vs. the Web: Enemy or Friend?

March 16, 2012 Added by:Danny Lieberman

A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

Going Back to the Stack

March 15, 2012 Added by:Wendy Nather

If you have parts of your infrastructure outsourced, go over your contracts with your providers. You want them to be able to give you logs within a few minutes of the request and have the right technical support without fighting your way through first-level script-readers...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Examining the Top Ten Database Threats

March 14, 2012 Added by:PCI Guru

Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Ubuntu 12.04 Will Bring OS-Level Security Options

March 14, 2012 Added by:Electronic Frontier Foundation

In the upcoming release on April 26, Ubuntu 12.04 is introducing operating system-wide settings that let you delete portions of your activity log, disable logging for specific types of files and applications, or disable activity logging altogether...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Assumptions: A Common but Dangerous Programming Practice

March 13, 2012 Added by:Fergal Glynn

Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...

Comments  (0)

37d5f81e2277051bc17116221040d51c

How Safe is Paying Online with Your Smart Phone?

March 13, 2012 Added by:Robert Siciliano

Handset manufacturers, application developers, and mobile security vendors continue working to improve mobile security. Banks are offering a consistent sign-on experience for both their online and mobile channels, including multifactor authentication programs for mobile...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Building an AppSec Training Program for Development Teams

March 07, 2012 Added by:Fergal Glynn

A holistic application security approach that includes integrating developer training with static analysis and advanced remediation techniques will help reduce overall risk across your enterprise application portfolio and will strengthen your security program...

Comments  (0)

59da131e1207b6fadf8fec3862d85ad1

Cloud Security Report: The Cloud May Be Safer

March 05, 2012 Added by:alan shimel

This first installment of what promises to be a semi-annual report sheds some real light on the differences between on premises and cloud security environments, and also advances the notion that despite the FUD the cloud may in fact be safer for certain kinds of applications...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Apple’s PC Free Feature: Insecure, But Maybe That’s Good

March 02, 2012 Added by:Brent Huston

During the WWDC keynote, Brent Huston spent considerable time discussing the lack of built-in security for the iOS. Each unique identifier on numerous devices would allow possibly unwanted users to see information they shouldn’t see. In some cases, not such a bad idea...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Do You Have A False Sense of Security for Mobile?

March 02, 2012 Added by:Robert Siciliano

With unit sales of smartphones and tablets eclipsing those of desktop and laptop PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues. Protect yourself...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Continuous Patching: Is it Viable in the Enterprise?

February 28, 2012 Added by:Rafal Los

The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...

Comments  (2)

00c83c62ef65f17ce8e790850c596964

Secure Now or Forever...

February 24, 2012 Added by:Pamela Gupta

Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Targeting of Android Devices Leads Malware Trends for 2012

February 24, 2012 Added by:Headlines

"Smartphones and tablets are finally delivering consumers with these converged and connected experiences we've been promised for so long. But this is a double edged sword: as smart device usage becomes more sophisticated, so too are cyber criminals' methods of attacking..."

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Why Less Emphasis On Software Security?

February 23, 2012 Added by:Keith Mendoza

The only real fix for this is a mindset shift. At the minimum, software developers need to code defensively regardless of the scope of the project, because this needs to become a habit. Coding standards should include requirements that all compiler warnings should be resolved...

Comments  (4)

44fa7dab2a22dc03b6a1de4a35b7834a

A Security Resolution for Developers

February 22, 2012 Added by:Bill Gerneglia

You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

FTC Removed Security Protocols from Website Contract

February 21, 2012 Added by:Headlines

The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights become more probable...

Comments  (0)

Page « < 8 - 9 - 10 - 11 - 12 > »