Search:

Items Tagged with "Application Security"


44fa7dab2a22dc03b6a1de4a35b7834a

A Security Resolution for Developers

February 22, 2012 Added by:Bill Gerneglia

You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

FTC Removed Security Protocols from Website Contract

February 21, 2012 Added by:Headlines

The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights become more probable...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

A Better Path for Applications: Respecting Users

February 20, 2012 Added by:Electronic Frontier Foundation

Even with industry standard security practices in place, data is still vulnerable to a breach or a subpoena. Companies collecting personal data have an obligation to keep as little personally identifiable data as necessary to provide their services...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Application Software and Security: A Tale of Two Market Sizes

February 20, 2012 Added by:Fergal Glynn

We spend 0.3% of what we pay for software on ensuring that it is secure. Now you can argue that manual testing is not included. However, even when you account for this variance, the gap in what we spend to buy software and what we spend to secure it is huge...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

AdiOS: Say Goodbye to Nosy iPhone Apps

February 17, 2012 Added by:Fergal Glynn

I put together a free utility called AdiOS (Addressbook Detector for iOS) that lets Mac users scan the iOS apps in your iTunes directory to see if they have the potential to dump your phone book externally. AdiOS detects apps that access your address book using a binary grep...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

The Truth Behind Data Breaches

February 16, 2012 Added by:Neira Jones

SQLi was the number one attack vector found in both the Web Hacking Incident Database and the number one Web-based method of entry in incident response investigations. SQL injections were the number one Web application risk of 2011...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Will the Real IT Security Researcher Please Stand Up?

February 13, 2012 Added by:Rafal Los

Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 12, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Apple’s PC Free Feature: Insecure, But Maybe That’s Good

February 11, 2012 Added by:Brent Huston

During the WWDC keynote, Brent Huston spent considerable time discussing the lack of built-in security for the iOS. Each unique identifier on numerous devices would allow possibly unwanted users to see information they shouldn’t see. In some cases, not such a bad idea...

Comments  (0)

4e21f96122846f32545687ad42b271e2

Some "LightReading" about Mobile Application Security

February 10, 2012 Added by:Security Ninja

Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...

Comments  (0)

4c1c5119b03285e3f64bd83a8f9dfeec

Tips for Organizations Heading to the Cloud

February 09, 2012 Added by:Ben Kepes

Identify the data that is touched by each IT process. Is there any data that has to stay in-house for security or compliance reasons? You may need to change IT processes so the sensitive data is not affected by the transition...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Top Ten Java Frameworks Observed in Customer Applications

February 09, 2012 Added by:Fergal Glynn

One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...

Comments  (0)

C0ce96d88f03663465da2ec8c1b51d11

What’s Wrong with WAFs and How to Hack Them - Part 2

February 08, 2012 Added by:Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

7d35335f47d5d82b093aeee47a5b0a64

Gaining Access to a Check Point Appliance

February 08, 2012 Added by:Bill Mathews

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Penny Wise, Pound Foolish: Avoiding Security Spend Pitfalls

February 07, 2012 Added by:Fergal Glynn

Knowing how much money you’re going to spend upfront is a challenge until you have the application inventory, until you know what your risk tolerances are, and until you have a fair idea of what the problems are. You’ll have to start slow and realize the number may grow...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec Identifies Polymorphic Android App Malware

February 06, 2012 Added by:Headlines

Researchers at Symantec have identified a crafty Trojan targeting Android devices which slightly modifies its code every time the malware is downloaded, a called server-side polymorphism, which makes it more difficult to detect by signature-based antivirus software defenses...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »
Popular Topics
Anonymous  Application Security  Attacks  Authentication  China  Cloud Computing  Cloud Security  Compliance  Cyber Crime  Cyber Security  Cyberwar  Data Loss  Data Loss Prevention  Encryption  Enterprise Security  Government  Hacking  Hacktivist  Headlines  Information Security  Infosec  Infrastructure  Legal  Management  National Security  Network Security  PCI DSS  Passwords  Privacy  SCADA  Security  Security Awareness  Stuxnet  Training  Vulnerabilities  breach  breaches  fraud  hackers  malware 

Your Own Private Island

December 24, 2011
Coming Soon! Build your own Island right here!

Make your home Infosec Island with your own private vanity URL, design options and private network of followers.

Infosec Island v2

December 24, 2011
The latest version of Infosec Island is now available. There are more content options and more ways to connect and interact with your peers.

Thanks to everyone for a great year, and we're looking forward to an excellent 2012!
Latest Survey Results
2011 will be most likely be remembered for:
results