Blogs about "Application Security"

Application Security

Security Practices Asp.Net
2009-12-19 07:12:00
The first thing that comes to mind when one connects to the internet is: am I secure? Is somebody watching me? Nobody has an answer to it, but all one can do is use best practices to be on a safe edge of the wall. Listed below are some of the security misconfigurations and their potential impact on your applications. 1. Web.Config: Web.config files operate in a hierarchical inheritance manner. All Web.config files on the system inherit from the global configuration file called Machine.config located in the .NET framework directory. The effect of this is that the runtime behavior of your application can be altered simply by modifying a configuration file in a higher directory. To keep your application-specific settings from being unexpectedly modified, the solution is to never rely on default setting values. For example, debugging is disabled by default in configuration files. If you're examining the configuration file for your application and you notice that the debug a...
Metrics Revisited – Application Security Metrics
2008-05-13 01:03:00
bloginfosec.com – I have recently been giving some thought to, and doing some research into, application security metrics, and I have determined, quite simply, that there aren't any good ones. "How ridiculous," you say, "We have two dozen application security metrics, which we report in real time, daily, weekly and fortnightly." Yes, I understand. You have measures that ... read more
A new type of Bluetooth security
2008-03-26 13:52:00
Bluetooth has been a big success in the mobile world, but primarily for just one application: wireless headsets. These are extremely popular and with good reason: You can’t beat the convenience, and they have become quite inexpensive.
Black Hat: Dtrace a Rootkit?
2008-02-26 07:00:00
Sun’s Dtrace application was developed primarily as a tool to help monitor functions on Solaris. According to a pair of security researchers at the Black Hat conference, you can also use Dtrace as the basis for a rootkit-like tool for offensive and defensive security operations.
Excel Flaw Highlights Need for Better App Security
2008-02-10 13:35:00
Don Leatham of Lumension Security has a first-step remedy to the ongoing security concerns around Microsoft’s Excel application. "IT guys should tell end users right off the bat that if they see an unrecognizable Excel document in their inbox, they should treat it like porn — it’s not something you should be opening up at ...
Oracle Applications Not Secure
2008-01-21 06:29:00
Four times a year Oracle issues its Critical Patch Update (CPU) to address security vulnerabilities in its technologies. According to database-security firm Sentrigo, Oracle’s efforts may well be underutilized by its users. Sentrigo found that only 10 percent of respondents in a study of Oracle User Group attendees reported they were up to date and ...
PCI DSS Section 6: Tackling Application Security
2007-12-13 13:57:00
From Search Security: Among the Payment Card Industry (PCI) Data Security Standard’s 12 requirements is a mandate for Web and application security. Requirement six specifically calls for merchants and credit card issuers to “develop and maintain secure systems and applications.” While many parts of the standard have caused headaches for companies using credit cards in their ...
Effective Controls for Attaining Continuous Application Security Throughout
2007-11-29 08:16:00
Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place. While individual and ad hoc ...
Lax Web Application Security
2007-11-25 02:10:00
I know it shouldn’t surprise me anymore… but it still does. Every time I visit a site and see a massive, gaping hole in their webapp security. I can get missing an XSS or some other input validation… it’s not good, but it happens… what I don’t get is shopping cart apps that allow the ...
Human Factors and Improving Application Security
2007-11-22 01:28:00
Realtime Messaging and Web Security – We've just added a new article to the Essentials Series: Messaging and Web Security Volume II on the role of human factors and usability in application security. The article discusses the difference between security and trust and how to convey security information to users. From the article: There is something of a disconnect between users and developers when it comes to application security. Developers and designers ... read more
Embedded vs. external application security
2007-10-17 12:07:00
This video shows a proof-of-concept demonstration of the PDF exploit. Be careful when downloading PDF files from unknown sources!... more from kinghavoc...
Hackers Attack Apps While Still in Development
2007-10-15 14:49:00
Everybody’s talking about the need to write more secure applications. But what if the bad guys sabotage the code during the development process? Researchers long have known about the potential for infection or a breach during the software-build process using open-source tools — there were cases in 2002 of hackers infecting OpenSSH, Sendmail, and IRC ...
Scathing, Scathing Critique of Application Security
2007-10-13 06:12:00
Anton Chuvakin on Security – A fun read – Why does forum software have more security features than "enterprise" tool chains? Quote: I am constantly amazed by the sheer lack of security in the average "enterprise" tool. I've looked at many over the years, and most are designed to the "soft squishy center" anti-security model. Typically: Accountability is simply missing. ... read more
Top 10 Application Security Vulnerabilities in Web.config Files - Part Two
2007-05-18 07:00:00
In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications. Additionally, find out how to keep configuration files from being unintentionally modified by uninformed programmers or administrators, as well as why it is critical to never rely on default setting values.
Top 10 Application Security Vulnerabilities in Web.config Files - Part One
2007-05-02 07:00:00
In part one of this two part article, you will learn about five of the top ten "worst offenders" of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-19 10:31:03
Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-18 16:30:01
Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-02 22:18:03
Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."
Microsoft Enhances Application Security Tool in Visual Studi
2006-12-02 16:17:05
Inclusion of PreEmptive Solutions' Dotfuscator Community Edition is latest milestone en route to the release of Microsoft Visual Studio code-named "Orcas."