SEARCH RESULTS
 
Showing 1-10 of 424 records
 
Application Due Care

2008-02-18 08:55:12 by RaviC in Musings on Information Security
 
...application is truly built secure inside-out, then there is no need for other security layers". Truly secure application is a far fetched statement 1. What is the application made of? - Complexity 2. How was the application built? - Methodology 3. Where does the application run? - Environment 1. Complexity - Applications are developed using...
 
 
 
 
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately sanitized. A web application that is vulnerable to XSS can...
 
 
 
 
 
Getting vulnerabilities in the application fixed

2007-10-27 13:20:07 by RaviC in Musings on Information Security
 
...application Let us accept the fact that developers are mostly busy focusing their time and effort on the functionality of application. Most of the time the software development manager gets away by using the busy excuse. One approach that I suggest you could is to rank the vulnerabilities based on "severity" (how bad if the vulnerability is...
 
 
 
 
 
More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...application - a design defect All this really proves is that determining which of these types of defects to measure, prioritize, and fix is a tricky business and as always, your mileage may vary As Eric clearly points out the threat landscape isn't static either. So, what you think is a priority today might change tomorrow. And, its...
 
 
 
 
 
Another Strategy for Getting Started with Application Security

2008-01-09 19:50:00 by Security Retentive in Security Retentive
 
...application security and secure coding In it he lists 4 approaches for getting started with application security Top-down framework Portfolio Risk Training First Lead with a tool I thought I'd share one more possibility that is a slight tweak on option #4 above I had success with #4, but not using the tools we usually think of for...
 
 
 
 
 
An Approach to Web Application Threat Modeling

2008-05-09 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
The aim of this paper, written by Akash Shrivastava, is to identify relevant threats and vulnerabilities in the Web Application and build a Security Framework to help in designing a secure Web Application
 
 
 
 
 
Article: Dissecting and Digging Application Source Code for Vulnerabilities

2007-12-27 13:33:07 by Editor in Help Net Security - News
 
Application source code scanning for vulnerability detection is an interesting challenge and relatively complex problem as well. There are several security issues which are difficult to identify using
 
 
 
 
 
Dissecting and Digging Application Source Code for Vulnerabilities

2007-12-27 13:33:07 by Editor in Help Net Security - Articles
 
Application source code scanning for vulnerability detection is an interesting challenge and relatively complex problem as well. There are several security issues which are difficult to identify using
 
 
 
 
 
Who Benefits from Log Standards? Part II - Application Developers

2007-12-04 17:28:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...application software vendors as well as network gear developers whose products generate logs ] will be able to decrease cost associated with logging and reuse log libraries. Vendors could move away from encouraging developers from picking log messages on a closest-fit basis from a limited, product-specific message index. Furthermore, the...