Items Tagged with "Web Application Security"
The Need for Advancements in Browser Based Security
March 08, 2012 Added by:Headlines
"Data protection is fast becoming a product and service differentiator. It is incumbent on business leaders to take a holistic view of these issues and understand how they are undermining consumer trust. Now is the time for businesses to make data protection a priority..."
Comments (0)
Tangled Web: A Guide to Securing Modern Web Applications
February 26, 2012 Added by:Ben Rothke
There is no doubt that some sites use cookies as a mechanism for malicious use. But there is nothing that makes it uniquely suited for this task, as there are many other equivalent ways to store unique identifiers on visitors' computers, such as cache-based tags...
Comments (0)
A Security Resolution for Developers
February 22, 2012 Added by:Bill Gerneglia
You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...
Comments (0)
Metadata: A Pentester’s Best Friend
February 17, 2012 Added by:Jake Garlie
Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...
Comments (0)
Which Will Make a Bigger Splash in 2012 - Mobile Wallet or EMV?
February 01, 2012 Added by:Robert Siciliano
Visa has announced plans to accelerate the migration to EMV contact and contactless chip technology in the United States. The company intends to encourage investments in infrastructure necessary to accept and process both new forms of payment technology...
Comments (0)
Designing Applications for Compromise
January 24, 2012 Added by:Rafal Los
Make sure you're thinking ahead and designing applications to be resilient in the face of a complete compromise - including the information therein and connected accounts - so your users can still get back to the application even after it's been ravaged by hackers...
Comments (0)
Significance of 'Death of the Document Web' to Security
January 18, 2012 Added by:Rafal Los
Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...
Comments (2)
2012 Has Delivered Her First Giant Data Breach
January 17, 2012 Added by:Josh Shaul
We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...
Comments (0)
On the Israeli Credit Card Breach
January 08, 2012 Added by:Danny Lieberman
The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...
Comments (0)
Location, Location, Location
October 11, 2011 Added by:Christopher Burgess
Location-based services have great viability and increase the interaction between individuals and merchants, as well as serve to identify individuals with similar interests. Know that well-intentioned services have a positive side, but may also be used to your detriment...
Comments (0)
Securing Web Servers with SSL
August 31, 2011 Added by:Danny Lieberman
So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...
Comments (0)
High Fashion, Low Security - Part Duex
August 25, 2011 Added by:David Martinez
I spy serious SQL issues… I had the hashes for the admins table, info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
Comments (0)
High Fashion - Low Security
August 15, 2011 Added by:David Martinez
In the end, I had the hashes for the admins table, full customer info from the customers table, as well as the full output of the transactions and users tables, which included MD5 hashes of CC numbers. The hashes were all 64-bits from a MySQL db, which means they were probably SHA256...
Comments (0)
LinkedIn Ceases Using Member Profiles for Advertising
August 12, 2011 Added by:Headlines
LinkedIn has pulled a one-eighty after receiving overwhelming criticism for using member profiles, images and activity in an advertising campaign. The brunt of the criticism was the decision to "opt-in" members for participation automatically without first getting their expressed permission...
Comments (0)
Sneaky LinkedIn is Using Member Profiles for Advertising
July 25, 2011 Added by:Headlines
"When LinkedIn members recommend people and services, follow companies, or take other actions, their name/photo may show up in related ads shown to you. Conversely, when you take these actions on LinkedIn, your name/photo may show up in related ads shown to LinkedIn members..."
Comments (0)
Web Application Attacks Can Peak at 25,000 an Hour
July 25, 2011 Added by:Headlines
The study of 10 million web application attacks shows automated attacks peak at 25,000 an hour. "The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses..."




