SEARCH RESULTS
 
Showing 1-10 of 488 records
 
Application Due Care

2008-02-18 08:55:12 by RaviC in Musings on Information Security
 
...application is truly built secure inside-out, then there is no need for other security layers". Truly secure application is a far-fetched statement. 1. What is the application made of? - Complexity 2. How was the application built? - Methodology 3. Where does the application run? - Environment. 1. Complexity - Applications are developed using...
 
 
 
 
 
Building secure application

2008-10-02 06:35:44 by RaviC in Musings on Information Security
...application. They are focused on building more functionality into applications. Moreover, building security creates more workload for Developers which is a disincentive and moreover, Developers are rewarded for building more functionality than building more security. I have never seen a Developer in my professional life for being rewarded for...
 
 
 
 
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately sanitized. A web application that is vulnerable to XSS can...
 
 
 
 
 
OWASP AppSec Asia 2008: Proxy Caches and Web Application Security

2008-10-03 11:05:04 by Tim Bass in The Complex Event Processing Blog
 
...Application Security Abstract: Proxy caches, combined with poorly written session management code, can easily lead to serious Internet security breaches. Web application developers cannot know whether their content is consumed directly or via a proxy cache. Developers cannot assume that the HTTP responses will be delivered to the intended...
 
 
 
 
 
Getting vulnerabilities in the application fixed

2007-10-27 13:20:07 by RaviC in Musings on Information Security
 
...application Let us accept the fact that developers are mostly busy focusing their time and effort on the functionality of application. Most of the time the software development manager gets away by using the busy excuse. One approach that I suggest you could is to rank the vulnerabilities based on "severity" (how bad if the vulnerability is...
 
 
 
 
 
More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...application - a design defect. All this really proves is that determining which of these types of defects to measure, prioritize, and fix is a tricky business and, as always, your mileage may vary. As Eric clearly points out, the threat landscape isn't static either. So, what you think is a priority today might change tomorrow. And, its...
 
 
 
 
 
Malicious Facebook Application Might Create A Powerful DoS Botnet

2008-09-06 03:26:08 by CyberInsecure in CyberInsecure.com
 
Researchers at the Institute of Computer Science (ICS) have built a malicious Facebook application as an experiment to demonstrate the possible dangers of social networking applications. The proof-of-concept Facebook application can covertly herd users of the popular social network into a powerful botnet that might be malicious. The demo...
 
 
 
 
 
AoIS Interview Topic: Application Security

2008-09-10 01:37:03 by Erik T. Heidt in Art of Information Security
 
...application security folks. This expert has been an innovator in the space, an industry recognized expert, and a frequent speaker at major conferences. All will be disclosed when the interview is posted. Please post your questions concerning Application Security during the next 10 days. Then, check back for the Interview. Cheers, Erik AoIS...
 
 
 
 
 
Another Strategy for Getting Started with Application Security

2008-01-09 19:50:00 by Security Retentive in Security Retentive
 
...application security and secure coding. In it he lists 4 approaches for getting started with application security: (1) Top-down framework, (2) Portfolio Risk, (3) Training First, (4) Lead with a tool. I thought I'd share one more possibility that is a slight tweak on option #4 above. I had success with #4, but not using the tools we usually think of for...