Items Tagged with "Application Security"


Security Strategy: From Requirements to Reality

December 13, 2010 Added by: Ben Rothke

Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws...

Comments  (0)


Lessons From the Most Interesting Breaches of The Year

December 03, 2010 Added by: Headlines

Security Week's Noa Bar-Yosef has published her take on the most interesting data breaches of 2010. There were no mega-breaches on the scale of Heartland Payment Systems, but there are lessons to be learned from a few choice data loss events that occurred this year...

Comments  (0)


One in Five Facebook Applications Contain Malware

November 24, 2010 Added by: Headlines

An examination of 14,000 Facebook user accounts found that 20% have applications that contain malware capable of infecting those who click on the links with a virus or other malicious code. The study was based on data collected over the last month...

Comments  (0)


Report: Ten Most Vulnerable Applications for 2010

November 20, 2010 Added by: Headlines

The criteria for making the list require that the application be a consumer or end-user product that is not classified as being malicious by reporting outlets and which contains at least one critical vulnerability...

Comments  (1)


Penetration Testing for Low Hanging Fruit - Part 7 of 7

November 08, 2010 Added by: Bryan Miller

It is my hope that this series of articles has successfully made the case for performing regularly scheduled penetration tests. When combined with enforceable policies and procedures, such tests can be an invaluable asset to any organization...

Comments  (10)


Protecting Against Mobile Computing Risks

October 31, 2010 Added by: Allan Pratt, MBA

With all the hoopla about mobile computing, everyone knows the basic concerns. There are the geographical concerns, the financial concerns, the information security concerns, and, of course, there are the physical security issues...

Comments  (0)


App Store Security

October 27, 2010 Added by: Mark Gardner

Unauthorized applications being brought into the enterprise is nothing new: people can download software at home, bring it in on a memory stick and load it onto their work machine, and no one is any the wiser. Given a level of control, this risk could be removed, but many more risks could be introduced...

Comments  (0)


New Class of App – Business Financial Management

October 19, 2010 Added by: Ben Kepes

The genesis for these apps came from the realization that looking back at a series of bank accounts or a tax return was all very well, but it would do nothing to help individuals get a picture of their ability to afford their life a week, a month or a year into the future...

Comments  (0)


Implementing Application Security in the Enterprise

October 19, 2010 Added by: Robb Reck

All leaders have seen the results of poor security in the news in the TJX and Heartland cases. While hearing those types of stories can bring great attention to information security needs, it's not fear mongering we want to do. We want to move beyond a CYA approach and present the business risks...

Comments  (3)


Minimizing Your Attack Surface

September 08, 2010 Added by: Application Security, Inc.

Database Management Systems have extended far beyond the simple data storage systems, and are now impressive software packages in their own right. They now offer features to analyze and report on data, run Java and other extensible languages, and have various levels of OS access built in...

Comments  (2)


A Review of DarkJumper v5.7

July 10, 2010 Added by: Brent Huston

Allowing our servers to execute code from an unknown source is one of the most popular attack vectors today, from SQL injection, to XSS and XSRF, to RFI. The Internet continues to be a digital equivalent to the wild, wild west, where outlaws abound...

Comments  (1)

From the Web

Errata Security releases the results of the survey on secure coding practices

April 04, 2010 from:

Errata Security released the results of a survey conducted over the week of Security B-Sides and the RSA Conference in San Francisco. The survey found that Microsoft SDL was the most common security development lifecycle chosen of the companies using formal methodologies, but Ad Hoc solutions are still more popular. Small companies are more likely to be using Agile development, and the corres...

Comments  (0)


Why we did it, and don't want to make money from it..

March 18, 2010 Added by: Jason Remillard

A description of the automated WordPress security plugin by SSM. If you're running WP, check it out!

Comments  (0)


Road Map for an Application/Software Security Architect (Part 6)

February 26, 2010 Added by: Stephen Primost

So, the application designer has disclosed that the solution for the web services being designed will involve the (1) need to authenticate; (2) need to determine levels of authorization; and (3) [by the way] need to have some personalized data be carried forward to the application. If you, as the security architect involved in the security assessment process, are smart, you would have a security...

Comments  (0)


Road Map for an Application/Software Security Architect (Part 1)

October 26, 2009 Added by: Stephen Primost

With the level of security concerns about security, it is interesting that there is not more concern with a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as to what constitutes an “application problem”. One j...

Comments  (2)
