SEARCH RESULTS
 
Showing 1-7 of 7 records
1
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...accepts user input as the 'q' parameter. Untrusted data coming from the attacker is marked in red Injection in regular HTML body - angled brackets not filtered or escaped Your query ' ' returned xxx results Injection inside tag attributes - double quote not filtered or escaped form blah Injection inside URL attributes - non-http(s)...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

ARCO gas pumps targeted by fraudsters

The Article has images
2007-12-27 13:58:30 by Evan Francen in The Breach Blog
...accepts debit cards because banks impose higher fees for credit transactions ARCO considers the safety and security of every customer a top priority," said Todd Spitler, a spokesman for the company. "But there are other businesses throughout California, not only us, that only accept debit cards The company often updates its technology to...
 
Tags: arco gas pumps, pumps, gas pumps, arco, gas stations, arco gas stations, card, debit card identification, creditdebit card data
 
 
 
 
Expand article

Identity Framework Probable Feature List

The Article has images
2007-12-16 06:42:00 by Keith Brown in Security Briefs
...accepts information cards SignInStatus (probably similar features to ASP.NET's LoginStatus Fx helps you build relying parties InformationCard login control You can specify whether you want to accept personal or managed cards If you accept managed cards, a wizard will take a card file as input to automatically configure the control (great...
 
Tags: informationcard login control, login control, information card serializer, information, control, user authentication methods, user, custom sts, card
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...accepts data from external sources, etc). The SDL requires development teams to both minimize attack surface in the software they are building and to consider attacks from each entry point on the attack surface to ensure that mitigations are present. It would appear that these examples show that the development teams didnt adopt such a...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...accepts this content from Eve, then anyone who looks at the wiki entry will have their browser cookie stolen and sent to Eve at evil.com. The cookie could potentially contain login credentials or other sensitive information, allowing Eve to impersonate her victim and essentially commit a form of identity theft The attack Ive shown here is...
 
Tags: web, site, chriss web site, mashups, web mashups, site cookies, persistent cross-site, cookies, benefit anyones web
 
 
 
 
Expand article

Catalina Conservancy Divers donors are warned

The Article has images
2008-03-17 13:32:50 by Evan Francen in The Breach Blog
...accepts online donations Evan] This is sad not only for the individual victims, but Catalina Conservancy also. Online donations should be a viable option, but now it viewed so If you believe you have been the victim of a crime, please notify your bank immediately to close your account(s) and prevent any further crimes from occurring In...
 
Tags: catalina conservancy, conservancy, catalina conservancy divers, hammonds, trevor hammonds, victims names, names, victims, online donations
 
 
 
 
Expand article

The Daily Incite - March 17, 2008 - Dan Geer's SourceBoston Keynote

The Article has images
2008-03-17 17:49:50 by Mike Rothman in Mike Rothman's blog
...accepts it, and goes to great lengths to show that he ultimately will be right. Given that we've basically accepted the operating system monoculture, then the only outcome is that we are to "win decisively or fail catastrophically" as a hive genetically alike is certain to do. Given the trends of what we do, you don't need to be Dan Geer to...
 
Tags: dan, dan geer, dan leaves, dan reminds, ultimately dan circles, security, security industry, information security, information
 
 
 
 
 
Showing 1-7 of 7 records
1
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
Ask Security Expert
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia