Blog Posts Tagged with "Application Security"
Is Too Much Focus Put on the Application Layer?
May 06, 2011 Added by:Keith Mendoza
Information system security is really nothing new; it's just that no one has paid attention to it until recently, and the focus seems to be mostly on securing the application. My question is: who will make sure that the attack vector will not come from the hardware layer?
Comments (4)
Basic Secure Coding Practices for C or C++
May 04, 2011 Added by:Keith Mendoza
Most privilege escalations take advantage of being able to modify the code being executed because the application writes to memory locations past what it allocated. However, if you have a variable that uses up more space than the amount of data, that's extra space for an attacker to use...
Comments (3)
Critical Keys to Successful Application Security Testing
May 03, 2011 Added by:Rafal Los
Keeping up with the amount of applications being released can often lead to more subtle issues. We can all say with relative confidence that just because an application has been tested does not make it secure - and even the best analysts & testers can miss security defects...
Comments (0)
Majority of Web Apps Deployed with Security Flaws
April 26, 2011 Added by:Headlines
Veracode analyzed nearly five-thousand applications submitted to its cloud-based testing service over the period of eighteen months and found that more than half of the software had some sort of significant security flaw. "Software remains fundamentally flawed," the report states...
Comments (0)
Software Security Incidents Cost an Average $300,000
April 22, 2011 Added by:Robert Siciliano
Enterprises must move from technological security silos to enterprise security intelligence. This can be achieved through the interaction of different technologies as well as contextual analyses of integrated security and business information...
Comments (1)
Skype Fixes Critical Android Application Vulnerability
April 22, 2011 Added by:Headlines
"After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version as soon as possible in order to help protect your information..."
Comments (0)
Learning USB Lessons the Hard Way
April 20, 2011 Added by:Brent Huston
Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...
Comments (1)
Mobile Application Security - Separating Hype From Reality
April 12, 2011 Added by:Rafal Los
Everyone is to blame for the hype around mobile application security. The media is to blame for creating an insane amount of fear, security professionals and vendors are to blame for perpetuating this fear, and end-users are to blame for buying the craziness wholesale without doing research...
Comments (4)
Security Provider Barracuda Networks Hit by SQL Injection
April 12, 2011 Added by:Headlines
The website of application security vendor Barracuda Networks was compromised by a SQL injection attack. The attack appears to have exposed confidential information regarding Barracuda's business partners as well as network login credentials of several employees...
Comments (0)
McAfee Website Vulnerable to XSS and Other Attacks
March 29, 2011 Added by:Headlines
"The McAfee SECURE trustmark only appears when the website has passed our intensive, daily security scan. In other words, the presence of this label means that the website is not vulnerable to the exact same vulnerabilities McAfee currently has..."
Comments (1)
The Psychology of 'Secure Code': A Tale of 2 Dev Shops
March 10, 2011 Added by:Rafal Los
Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...
Comments (0)
Dr. InfoSec's Quotes of the Week (015)
March 06, 2011 Added by:Christophe Veltsos
Who said: "Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information... Information security attacks are a very real threat..."?
Comments (0)
RSA 2011 Conference Notes from Anton Chuvakin
March 05, 2011 Added by:Anton Chuvakin
Most “analyst takeaways” from were about cloud and mobility. I heard a fun opinion on IT consumerization: if you deal with the security of employee devices by banning them, you will make your organization unattractive to the best employees – thus increasing, not reducing, your business risk...
Comments (0)
Software Security Assurance Psychology - The Legacy Code
March 04, 2011 Added by:Rafal Los
An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...
Comments (0)
Application Vulnerabilities are Like Landmines
March 02, 2011 Added by:Ron Lepofsky
Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...
Comments (0)
It Was Developed By A Third Party… Of Course It’s Secure!
March 01, 2011 Added by:Gary McCully
I recently participated in an Internal Attack and Penetration Assessment where I encountered a third party web application which contained various vulnerabilities. These vulnerabilities could be linked together in such a way that remote code execution on the underlying operating system was possible...
Comments (0)