Items Tagged with "Application Security"


0a8cae998f9c51e3b3c0ccbaddf521aa

Data Loss Prevention Step 5: Disable Access to Cloud Storage Services

January 16, 2012 Added by:Rafal Los

This is part 5 in a series, and it's about pulling your data away from the clutches of the cloud. It's not all as crazy as that sounds though, because the cloud has real benefits, but it has to be approached with sanity rather than as the ostrich approaches the sandstorm...

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Why Do We Pen Test?

January 13, 2012 Added by:Robb Reck

When we get deep into the weeds of any pentest, the results are not going to be pretty. Some systems don’t get patched like they should. Some servers get stood up outside proper change controls. These types of exceptions cause pentest findings and look bad. They are gotchas...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Open Automation Software OPC Systems Vulnerability

January 13, 2012 Added by:Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Mobile Security: Android vs. iOS - An Infographic

January 12, 2012 Added by:Fergal Glynn

With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace, the security of these devices is a growing concern. This infographic examines the security features of Android and iOS, and also takes a look at their strengths and weaknesses...

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Vulnerability Response Done Right

January 09, 2012 Added by:Fergal Glynn

Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...

Comments  (0)

5e402abc3fedaf8927900f014ccc031f

Avoid Cracks in Your Website's Security Armor

January 08, 2012 Added by:Allan Pratt, MBA

I have heard from several colleagues that their blogs have been compromised. While a security breach may be inevitable – heck, branches of the Federal Government and national financial institutions have been hacked – there are steps you can take to protect the valuable data...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Facebook Attacks Feed Affiliate Marketing Scams

January 04, 2012 Added by:Headlines

"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by:Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

On Input Validation

December 29, 2011

Input validation is a good security principle based on your application looking at what’s being asked of it and deal in a secure manner. It’s not always fool proof, but goes a long way...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Want Rapid Feedback? Try a Web Application Security Scan

December 27, 2011 Added by:Brent Huston

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Security Impact of Performance

December 22, 2011 Added by:Rafal Los

DDoS is being used as a tool that has turned poor performing systems into weapons against their implementers. It proves that no matter how big the pipe you have, it's possible to push so much traffic that the odds of handling it properly and staying available are virtually zero...

Comments  (2)

Fc152e73692bc3c934d248f639d9e963

PCI Compliance: What is In-Scope?

December 15, 2011 Added by:PCI Guru

You would think this question would be easy to answer when talking about the PCI standards because all that processes, stores or transmits cardholder data is in-scope. However, the nuances in the implementation of technological solutions do not always allow a black and white answer...

Comments  (3)

71d85bb5d111973cb65dfee3d2a7e6c9

Don't Fall Victim to Poor Network Segmentation

December 13, 2011 Added by:f8lerror

If an attacker compromises the DMZ, it is important to stop them there. Firewalls and segmentation is the key to this. Should a user have unlimited access to the internal network from a Citrix server or VPN? Or be able to connect to file shares, internal web applications, and databases?

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Top Ten HTML5 Attack Vectors

December 09, 2011 Added by:Headlines

"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA Smartphone Secure Development Guidelines

December 07, 2011

This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Human Security is Weaker than IT Security

December 06, 2011 Added by:Robert Siciliano

Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement...

Comments  (0)

Page « < 11 - 12 - 13 - 14 - 15 > »