Items Tagged with "Web Application Security"
May 09, 2013 Added by:Mike Lennon
Continuing the security industry trend of publishing infographics, the folks at Enterprise Strategy Group published an infographic that illustrates some of the challenges associated with web application security.
September 26, 2012 Added by:Rafal Los
Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...
September 10, 2012 Added by:Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...
August 29, 2012 Added by:Wendy Nather
Organizations are motivated to prioritize ease of use over security if they feel their target audience won't be able to use advanced features without support. The result is that the password reset process to an address of record is the easiest way to get into an account. And of course attackers know this too...
August 02, 2012
"SQL injection is a code injection technique that exploits a vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed...."
August 02, 2012 Added by:Scot Terban
One must know the technology and the problems with it before using it cognizantly. This unfortunately is not the case in what is being advocated by Quinn Norton on Wired with regard to Cryptocat. Specifically where she makes declamations about overthrowing governments with things like untested crypto schemes...
July 10, 2012 Added by:Headlines
"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."
July 02, 2012 Added by:Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
June 28, 2012 Added by:Keith Mendoza
Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...
June 14, 2012 Added by:Fergal Glynn
Neglecting to take security measures at the application layer is one of the most common causes of data breaches, yet many companies still leave their applications unprotected. Securing applications begins with developer training on the risks applications face and methods required for vulnerability prevention...
May 21, 2012 Added by:Matthijs R. Koot
If you walk into a store, would you appreciate it if the owner phoned a random stranger to tell them? Probably not. Yet every time I visit a website that has a Facebook `Like'-button, my browser discloses that visit to Facebook, despite the fact that I do not have a Facebook profile...
May 01, 2012 Added by:Fergal Glynn
Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...
March 22, 2012 Added by:Ed Bellis
When you dig into the issue of prioritization it can be complex. Adding to the complexity, factors are often different from organization to organization. I am all for breaking things down to their simplest parts by obfuscating the complex factors, not by eliminating them...
March 21, 2012 Added by:Hani Banayoti
We need to entrust information security to professionals who not only know the fundamental principles and technologies, but are also able to understand and support the business's goals in order to influence and contribute positively to the ongoing infosec challenge...
March 16, 2012 Added by:Danny Lieberman