Items Tagged with "Application Security"
Report Issued on Enterprise Security Challenges
February 09, 2011 Added by: Headlines
More than one in four of those queried in the study pointed to a disconnect between the IT department and executive level management as an issue, echoing concerns that have been at the center of many conversations in the information security field...
Comments (0)
Mozilla Developing Attack-Aware Security Applications
February 09, 2011 Added by: Headlines
Mozilla is taking steps to make the company's applications more secure by enabling them to identify exploit attempts. The approach is termed "attack-aware" and seeks to determine if actions by a user are intended to discover weaknesses in an application that could be used to design an attack...
Comments (0)
Medical Device Security Trends
February 08, 2011 Added by: Danny Lieberman
Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams, and how vulnerable this data is, there is a huge amount of work to be done to ensure patient safety, privacy and data delivery...
Comments (0)
Several New DB2 and PostgresSQL Exploits in the Wild
February 07, 2011 Added by: Brent Huston
If you are running these applications as a part of your core business processes, now might be a good time to check with the vendor support sites, download the available updates and get them into your maintenance windows as a critical update...
Comments (0)
Google Adds Authentication to Google Apps
February 04, 2011 Added by: Bill Gerneglia
By implementing DomainKeys Identified Mail (DKIM) at no additional cost to Google Apps users, the company says it is giving email senders a way to validate who they are in a manner that spam filters recognize, therefore ensuring higher message delivery rates to recipients...
Comments (0)
Customer Security and Software Security
February 02, 2011 Added by: Danny Lieberman
What threats really count for your business? No question is more important for implementing effective security. The management, the software developers and security analysts cannot expect to mitigate risk without knowing the sources and costs of threats to products and the products’ users...
Comments (3)
The Velocity of Pwn3d
February 01, 2011 Added by: Rafal Los
The attack surface of today's connected Internet has exploded like a fractal, which means that the velocity is many orders of magnitude faster than it "used to be" and as applications and then people become the targeted entities, our defensive strategies need to change...
Comments (1)
Cisco WebEx Conferencing Security Vulnerabilities
February 01, 2011 Added by: Headlines
The first vulnerability leaves the end-user's computer open to remote execution of commands by an attacker. The second vulnerability causes meeting attendees' computers to crash if a minor alteration is made to the XML code in a file that controls the WebEx polling feature...
Comments (0)
Safeguarding Your Data From Hackers and Intruders
January 31, 2011 Added by: Brent Huston
Browsing the Internet is fun, entertaining, and often necessary. Web browsers are also a ripe playground for nefarious activity which means the more risky places you visit, the bigger the chance that you’ll face some sort of danger...
Comments (0)
Q and A with Hacker "srblche srblchez"
January 28, 2011 Added by: Rafal Los
An independent attacker who writes their own scripts and hacks in 'a couple of seconds' is your worst nightmare as a security professional, mostly because the velocity of attack is so great and the likelihood of being caught in a detection system like an IPS is so low...
Comments (1)
Cross-Site Scripting (XSS) - Some Examples
January 27, 2011 Added by: Ben Keeley
A reflected XSS vulnerability is when ‘code’ is injected into a website in such a way so as to deliver a payload or to produce a result on the end user's browser. Reflected XSS vulnerabilities are delivered to a victim via various means such as an email causing the user to click on a malicious URL...
Comments (1)
Avoiding the Top 3 Application Security Mistakes
January 26, 2011 Added by: Rafal Los
You cannot reasonably expect to take application security analysis results and hurl them over the proverbial wall into the developer's world and expect something magical to happen. It won't. 9 out of 10 times the mass of bits you just sent over will be ignored, or worse, misunderstood...
Comments (0)
Monitoring Site Traffic for Fraud Prevention
January 25, 2011 Added by: Richard Stiennon
Although deploying web application firewalls from Imperva or AppSec Inc. is the best way to defend against these attacks, more sophisticated attacks may take advantage of yet undiscovered vulnerabilities or use the very structure of the site to engage in fraudulent practices, often as authenticated users...
Comments (0)
Why Application Security Programs Fail
January 23, 2011 Added by: Rafal Los
Having clearly-defined and attainable goals of your Software Security Assurance program is more important than almost anything else. While there are many subtleties to building goals in any organization, without them being clearly defined and reachable you cannot expect anything else but failure...
Comments (0)
Credit Card Security in the Cloud
January 21, 2011 Added by: Danny Lieberman
Obviously, the standard was written by system administrators and not programmers because the notion of inter-process communications is ignored. Once we are running online transaction applications in the cloud, the notion of public networks becomes an antiquated given...
Comments (1)
Facebook Faux Paux Reveals Private Data
January 18, 2011 Added by: Headlines
The pop-up now includes a request for permission to access the user's address and cell phone number. The change is subtle enough that most Facebook users are apt to allow the application to access this data without even noticing...




