Items Tagged with "Application Security"


ICS-CERT: Cogent DataHub Application Vulnerability

January 18, 2012 Added by: Headlines

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...



Data Loss Prevention Step 5: Disable Access to Cloud Storage Services

January 16, 2012 Added by: Rafal Los

This is part 5 in a series, and it's about pulling your data away from the clutches of the cloud. It's not all as crazy as that sounds though, because the cloud has real benefits, but it has to be approached with sanity rather than as the ostrich approaches the sandstorm...



Why Do We Pen Test?

January 13, 2012 Added by: Robb Reck

When we get deep into the weeds of any pentest, the results are not going to be pretty. Some systems don’t get patched like they should. Some servers get stood up outside proper change controls. These types of exceptions cause pentest findings and look bad. They are gotchas...



ICS-CERT: Open Automation Software OPC Systems Vulnerability

January 13, 2012 Added by: Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...



Mobile Security: Android vs. iOS - An Infographic

January 12, 2012 Added by: Fergal Glynn

With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace, the security of these devices is a growing concern. This infographic examines the security features of Android and iOS, and also takes a look at their strengths and weaknesses...



Vulnerability Response Done Right

January 09, 2012 Added by: Fergal Glynn

Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...



Avoid Cracks in Your Website's Security Armor

January 08, 2012 Added by: Allan Pratt, MBA

I have heard from several colleagues that their blogs have been compromised. While a security breach may be inevitable – heck, branches of the Federal Government and national financial institutions have been hacked – there are steps you can take to protect the valuable data...



Facebook Attacks Feed Affiliate Marketing Scams

January 04, 2012 Added by: Headlines

"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."



US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by: Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

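The mechanism behind the US-CERT note above, as an added example that is not code from US-CERT or from any affected runtime: when a language hashes strings with a fixed, predictable function, an attacker can precompute thousands of distinct parameter names that share one hash value, so a single HTTP request makes the framework's parameter map degrade from constant-time inserts to a quadratic scan of one bucket. The `h*31 + c` polynomial hash, the `Aa`/`BB` collision pair, the 4096-bucket table and the seeded FNV-1a used as a stand-in for a keyed hash (with a fixed seed so the run is reproducible) are this example's own choices. The fixes that shipped after the advisory were keyed, per-process-randomized hashes such as SipHash and caps on the number of parameters parsed per request.

```javascript
// Added example, not code from the advisory or any affected runtime: why a
// predictable string hash turns request parsing into a denial-of-service
// vector, and how a keyed hash removes the attacker's precomputation.

// Fixed polynomial hash of the kind many runtimes used for strings
// (h = h*31 + charCode, the shape of Java's String.hashCode), wrapped to 32 bits.
function weakHash(s) {
  let h = 0;
  for (let i = 0; i < s.length; i++) {
    h = (Math.imul(h, 31) + s.charCodeAt(i)) | 0;
  }
  return h >>> 0;
}

// "Aa" and "BB" collide under weakHash: 65*31 + 97 === 66*31 + 66 === 2112.
// Because the hash is a polynomial in the characters, every concatenation of
// k such blocks collides as well, so 2^k distinct keys share one hash value.
function collidingKeys(blocks) {
  let keys = [''];
  for (let i = 0; i < blocks; i++) {
    keys = keys.flatMap(k => [k + 'Aa', k + 'BB']);
  }
  return keys;
}

// Minimal chained hash table that counts key comparisons: the work that grows
// from O(1) to O(n) per insert once every key lands in the same bucket.
class CountingTable {
  constructor(hashFn, buckets = 4096) {
    this.hashFn = hashFn;
    this.buckets = Array.from({ length: buckets }, () => []);
    this.comparisons = 0;
  }
  set(key, value) {
    const h = this.hashFn(key);
    // Fold the high bits in so the bucket index uses the whole 32-bit hash.
    const bucket = this.buckets[((h ^ (h >>> 16)) >>> 0) % this.buckets.length];
    for (const entry of bucket) {
      this.comparisons++;
      if (entry[0] === key) { entry[1] = value; return; }
    }
    bucket.push([key, value]);
  }
}

// Keyed FNV-1a as a stand-in for a proper keyed hash (several runtimes adopted
// SipHash): a seed unknown to the attacker is mixed into the state, so a
// collision set precomputed against the unkeyed function no longer lines up.
// The seed is fixed here only so the run is reproducible; in production it is
// drawn at random once per process.
function keyedHash(seed) {
  return function (s) {
    let h = (0x811c9dc5 ^ seed) >>> 0;
    for (let i = 0; i < s.length; i++) {
      h ^= s.charCodeAt(i);
      h = Math.imul(h, 0x01000193) >>> 0;
    }
    return h;
  };
}

// Models a framework inserting every parameter name from one request into its
// parameter map; returns the total key comparisons performed.
function costOfParsing(paramNames, hashFn) {
  const table = new CountingTable(hashFn);
  for (const name of paramNames) table.set(name, '1');
  return table.comparisons;
}

// Constructed attacker request: 1024 distinct parameter names, one weakHash value.
const attackerParams = collidingKeys(10);
console.log('predictable hash:', costOfParsing(attackerParams, weakHash)); // 523776 = 1024*1023/2
console.log('keyed hash:      ', costOfParsing(attackerParams, keyedHash(0x5eed)));
```

Ten blocks already give 1024 names in a single request body; doubling the block count doubles the key count and quadruples the work, which is why the advisory treats a few hundred kilobytes of POST data as enough to pin a CPU core for minutes. A parameter-count cap bounds the damage even before the hash is replaced.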


On Input Validation

December 29, 2011

Input validation is a good security principle, based on your application looking at what's being asked of it and dealing with it in a secure manner. It's not always foolproof, but it goes a long way...

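The Cogent DataHub item earlier on this page and the input-validation post above describe the same pattern: a query-string value is echoed into the HTTP response without server-side validation or output encoding, so a crafted URL runs script in the visitor's browser. The following is an added example, not code from either post or from Cogent; the `page` and `q` parameter names, the allowlist pattern and the example.test URLs are assumptions for illustration. It shows the vulnerable reflection next to the two controls that close it: an allowlist check that fails closed for structured values, and HTML encoding for values that must accept arbitrary text.

```javascript
// Added example, not code from the DataHub advisory, Cogent, or the
// input-validation post: one query-string parameter reflected into HTML,
// shown vulnerable and then with the two controls that close it.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output encoding for an HTML text or quoted-attribute context. This is what
// stops a reflected value from being parsed as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}

// Server-side input validation by allowlist: a page identifier (hypothetical
// parameter) may only be 1-32 characters of [A-Za-z0-9_-]. Anything else is
// rejected rather than "cleaned", so the handler fails closed.
function validatePageName(value) {
  return /^[A-Za-z0-9_-]{1,32}$/.test(value) ? value : null;
}

// Vulnerable handler: the parameter is pulled from the query string and
// concatenated into the body unchanged. A link such as
// /view?page=<script>...</script> runs in the browser of whoever follows it.
function renderVulnerable(requestUrl) {
  const page = new URL(requestUrl).searchParams.get('page') || '';
  return { status: 200, body: `<h1>Viewing ${page}</h1>` };
}

// Hardened handler for a structured value: validate first, then encode.
// Encoding after this allowlist is redundant for the current regex, but it
// keeps the handler safe if the allowlist is later loosened.
function renderHardened(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('page') || '';
  const page = validatePageName(raw);
  if (page === null) {
    return { status: 400, body: '<h1>Bad request</h1>' };
  }
  return { status: 200, body: `<h1>Viewing ${escapeHtml(page)}</h1>` };
}

// Free-text values (a search term, hypothetical parameter q) cannot be
// allowlisted that tightly, so output encoding alone carries the load.
function renderSearch(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return { status: 200, body: `<p>Results for "${escapeHtml(q)}"</p>` };
}

// Constructed attacker URLs (the host is a placeholder).
const attackUrl = 'http://example.test/view?page=%3Cscript%3Ealert(1)%3C%2Fscript%3E';
console.log(renderVulnerable(attackUrl).body); // <h1>Viewing <script>alert(1)</script></h1>
console.log(renderHardened(attackUrl));        // { status: 400, body: '<h1>Bad request</h1>' }
console.log(renderSearch('http://example.test/search?q=' + encodeURIComponent('<img src=x onerror=alert(1)>')).body);
```

Validation and encoding are not interchangeable: the allowlist rejects malformed input before it reaches any sink, while encoding makes whatever does reach the HTML sink inert. The same encoding applies client-side before an `innerHTML` assignment, where `textContent` is the simpler choice when no markup is intended.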


Want Rapid Feedback? Try a Web Application Security Scan

December 27, 2011 Added by: Brent Huston

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...



The Security Impact of Performance

December 22, 2011 Added by: Rafal Los

DDoS is being used as a tool that has turned poorly performing systems into weapons against their implementers. It proves that no matter how big the pipe you have, it's possible to push so much traffic that the odds of handling it properly and staying available are virtually zero...



PCI Compliance: What is In-Scope?

December 15, 2011 Added by: PCI Guru

You would think this question would be easy to answer when talking about the PCI standards because all that processes, stores or transmits cardholder data is in-scope. However, the nuances in the implementation of technological solutions do not always allow a black and white answer...



Don't Fall Victim to Poor Network Segmentation

December 13, 2011 Added by: f8lerror

If an attacker compromises the DMZ, it is important to stop them there. Firewalls and segmentation are the key to this. Should a user have unlimited access to the internal network from a Citrix server or VPN? Or be able to connect to file shares, internal web applications, and databases?



Top Ten HTML5 Attack Vectors

December 09, 2011 Added by: Headlines

"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."



ENISA Smartphone Secure Development Guidelines

December 07, 2011

This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...

