Items Tagged with "Application Security"
ICS-CERT: Open Automation Software OPC Systems Vulnerability
January 13, 2012 Added by: Headlines
Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...
Mobile Security: Android vs. iOS - An Infographic
January 12, 2012 Added by: Fergal Glynn
With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace, the security of these devices is a growing concern. This infographic examines the security features of Android and iOS, and also takes a look at their strengths and weaknesses...
Vulnerability Response Done Right
January 09, 2012 Added by: Fergal Glynn
Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...
Avoid Cracks in Your Website's Security Armor
January 08, 2012 Added by: Allan Pratt, MBA
I have heard from several colleagues that their blogs have been compromised. While a security breach may be inevitable – heck, branches of the Federal Government and national financial institutions have been hacked – there are steps you can take to protect the valuable data...
Facebook Attacks Feed Affiliate Marketing Scams
January 04, 2012 Added by: Headlines
"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."
US CERT: Hash Table Collision Attack Vulnerability
January 04, 2012 Added by: Headlines
US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...
On Input Validation
December 29, 2011
Input validation is a good security principle based on your application looking at what's being asked of it and dealing with it in a secure manner. It's not always foolproof, but goes a long way...
Want Rapid Feedback? Try a Web Application Security Scan
December 27, 2011 Added by: Brent Huston
While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...
The Security Impact of Performance
December 22, 2011 Added by: Rafal Los
DDoS is being used as a tool that has turned poor performing systems into weapons against their implementers. It proves that no matter how big the pipe you have, it's possible to push so much traffic that the odds of handling it properly and staying available are virtually zero...
PCI Compliance: What is In-Scope?
December 15, 2011 Added by: PCI Guru
You would think this question would be easy to answer when talking about the PCI standards because all that processes, stores or transmits cardholder data is in-scope. However, the nuances in the implementation of technological solutions do not always allow a black and white answer...
Don't Fall Victim to Poor Network Segmentation
December 13, 2011 Added by: f8lerror
If an attacker compromises the DMZ, it is important to stop them there. Firewalls and segmentation are the key to this. Should a user have unlimited access to the internal network from a Citrix server or VPN? Or be able to connect to file shares, internal web applications, and databases?
Top Ten HTML5 Attack Vectors
December 09, 2011 Added by: Headlines
"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."
ENISA Smartphone Secure Development Guidelines
December 07, 2011
This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...
Human Security is Weaker than IT Security
December 06, 2011 Added by: Robert Siciliano
Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement...
Android Apps Violate Permissions - But Who Cares, Right?
December 06, 2011 Added by: Ed Moyle
These guys built a tool called "woodpecker" that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model. Go read it - you'd be surprised what they've found...
Mobile App Makers Must Protect Children’s Privacy
December 05, 2011 Added by: Kelly Colgan
Mobile applications do much more than entertain, inform, or otherwise make life more convenient. Depending on the app, companies can access private information as varied as phone and email contacts, call logs, calendar data, and data about the device, and therefore our location...