|
Metrics Revisited ? Application Security Metrics
2008-05-13 01:03:00 bloginfosec.com – I have recently been giving some thought to, and doing some research into, application security metrics, and I have determined, quite simply, that there aren?t any good ones. ?How ridiculous? you say, ?We have two dozen application security metrics, which we report in real time, daily, weekly and fortnightly.? Yes, I understand. You have measures that ... read more
A new type of Bluetooth security
2008-03-26 13:52:00 Bluetooth has been a big success in the mobile world, but primarily for just one application: wireless headsets. These are extremely popular and with good reason: You can’t beat the convenience, and they are have become quite inexpensive.
Black Hat: Dtrace a Rootkit?
2008-02-26 07:00:00 Sun’s Dtrace application was developed primarily as a tool to help monitor functions on Solaris. According to a pair of security researchers at the Black Hat conference, you can also use Dtrace as the basis for a rootkit-like tool for offensive and defensive security operations.
Excel Flaw Highlights Need for Better App Security
2008-02-10 13:35:00 Don Leatham of Lumension Security has a first-step remedy to the ongoing security concerns around Microsoft’s Excel application. "IT guys should tell end users right off the bat that if they see an unrecognizable Excel document in their inbox, they should treat it like porn — it’s not something you should be opening up at ...
Oracle Applications Not Secure
2008-01-21 06:29:00 Four times a year Oracle issues its Critical Patch Update (CPU) to address security vulnerabilities in its technologies. According to database-security firm Sentrigo, Oracle’s efforts may well be underutilized by its users. Sentrigo found that only 10 percent of respondents in a study of Oracle User Group attendees reported they were up to date and ...
SecureApp Application Security
2007-12-26 02:19:00 Click to enlarge SecureApp Application Security 1.3 SecureApp is a robust security application to protect unauthorized user or limit users from running programs and Panels on the Palm handheld. If the application or Panel is in the protected profile authentication is required to run it. All passphrase entries are masked from the public ...
PCI DSS Section 6: Tackling Application Security
2007-12-13 13:57:00 From Search Security: Among the Payment Card Industry (PCI) Data Security Standard’s 12 requirements is a mandate for Web and application security. Requirement six specifically calls for merchants and credit card issuers to “develop and maintain secure systems and applications.” While many parts of the standard have caused headaches for companies using credit cards in their ...
Effective Controls for Attaining Continuous Application Security Throughout
2007-11-29 08:16:00 Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place. . While individual and ad hoc ...
Lax Web Application Security
2007-11-25 02:10:00 I know it shouldn’t surprise me anymore… but it still does. Every time I visit a site and see a massive, gapping hole in their webapp security. I can get missing an XSS or some other input validation… it’s not good, but it happens… what I don’t get is shopping cart apps that allow the ...
By: ComputerDefense
Lax Web Application Security
2007-11-25 02:10:00 I know it shouldn’t surprise me anymore… but it still does. Every time I visit a site and see a massive, gapping hole in their webapp security. I can get missing an XSS or some other input validation… it’s not good, but it happens… what I don’t get is shopping cart apps that allow the ...
By: ComputerDefense
Human Factors and Improving Application Security
2007-11-22 01:28:00 Realtime Messaging and Web Security – Weve just added a new article to the Essentials Series: Messaging and Web Security Volume II on the role of human factors and usability in application security. The article discusses the difference between security and trust and how to convey security information to users. From the article: There is something of a disconnect between users and developers when it comes to application security. Developers and designers read more
Embedded vs. external application security
2007-10-17 12:07:00 This video shows a proof-of-concept demonstration of the PDF exploit. Be careful when download PDF files from unknown sources!... more from kinghavoc...
By: Global Threat
Hackers Attack Apps While Still in Development
2007-10-15 14:49:00 Everybody’s talking about the need to write more secure applications. But what if the bad guys sabotage the code during the development process? Researchers long have known about the potential for infection or a breach during the software-build process using open-source tools — there were cases in 2002 of hackers infecting OpenSSH, Sendmail, and IRC ...
Hackers Attack Apps While Still in Development
2007-10-15 14:49:00 Everybody’s talking about the need to write more secure applications. But what if the bad guys sabotage the code during the development process? Researchers long have known about the potential for infection or a breach during the software-build process using open-source tools — there were cases in 2002 of hackers infecting OpenSSH, Sendmail, and IRC ...
Scathing, Scathing Critique of Application Security
2007-10-13 06:12:00 Anton Chuvakin on Security – A fun read – Why does forum software has more security features than ?enterprise? tool chains?Quote: I am constantly amazed by the sheer lack of security in the average ?enterprise? tool. I?ve looked at many over the years, and most are designed to the ?soft squishy center? anti-security model. Typically: Accountability is simply missing. ... read more
Top 10 Application Security Vulnerabilities in Web.config Files - Part Two
2007-05-18 07:00:00 In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications. Additionally, find out how to keep configuration files from being unintentionally modified by uninformed programmers or administrators, as well as why it is critical to never rely on default setting values.
Top 10 Application Security Vulnerabilities in Web.config Files - Part Two
2007-05-18 07:00:00 In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications. Additionally, find out how to keep configuration files from being unintentionally modified by uninformed programmers or administrators, as well as why it is critical to never rely on default setting values.
Top 10 Application Security Vulnerabilities in Web.config Files - Part Two
2007-05-18 07:00:00 In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications. Additionally, find out how to keep configuration files from being unintentionally modified by uninformed programmers or administrators, as well as why it is critical to never rely on default setting values.
Top 10 Application Security Vulnerabilities In Web.config Files - Part One
2007-05-17 00:06:00 These days, the biggest threat to an organization’s network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services such as databases-which can be sealed off from the outside via firewalls-a public Web site is generally accessible to anyone who wants to view it, making application security an issue. As networks have become more secure, vulnerabilities in Web applications have inevitably attracted the attention of hackers, both criminal and recreational, who have devised techniques to exploit these holes. read more
Top 10 Application Security Vulnerabilities in Web.config Files - Part One
2007-05-02 07:00:00 In part one of this two part article, you will learn about five of the top ten "worst offenders" of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.
Top 10 Application Security Vulnerabilities in Web.config Files - Part One
2007-05-02 07:00:00 In part one of this two part article, you will learn about five of the top ten "worst offenders" of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.
Top 10 Application Security Vulnerabilities in Web.config Files - Part One
2007-05-02 07:00:00 In part one of this two part article, you will learn about five of the top ten "worst offenders" of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.
Reflections on Web Application Security experts
2007-04-11 14:10:00 Anurag Agarwal is posting on his blog reflections on Web Application Security experts. He did a great job collecting a lot of material on each one of them. These guys are the best in their field and we all can learn from them. Worth taking a look: Reflection on Amit Klein Reflection on RSnake Reflection on Jeremiah Grossman Reflection on Billy ...
Reflections on Web Application Security experts
2007-04-11 14:10:00 Anurag Agarwal is posting on his blog reflections on Web Application Security experts. He did a great job collecting a lot of material on each one of them. These guys are the best in their field and we all can learn from them. Worth taking a look: Reflection on Amit Klein Reflection on RSnake Reflection on Jeremiah Grossman Reflection on Billy ...
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-19 10:31:03 Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-18 16:30:01 Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-02 22:18:03 Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-02 16:17:05 Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas." |
|
 |
|
 |
