SEARCH RESULTS

Showing 1-10 of 45 records

Authorization vs. Business Logic

2008-01-09 05:37:00 by Keith Brown in Security Briefs
 
...authorization logic. When you start thinking about this, you often end up in a big gray area: where does the "authorization" end and the "business logic" in your method begin? If there were some obvious distinction between the two, you could easily factor out the authorization logic and perhaps even centralize it If the authorization logic is...
Catalyzing security in service orientation

2008-06-30 16:31:36 by Burton Group in Security and Risk Management Strategies Blog
 
...authorization, are externalized from the application code. It creates a separation of concerns, and usually makes management and auditing more straightforward. So some of the different infrastructure components, like web services modules and the XML gateways, support access control, encryption, and data validation features. Some vendors would...
Audit/Monitor Controls or Audit/Monitor BEFORE Control?

2008-02-28 11:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog

...authorization; 3) administration and 4) audit ." Note that audit which, in this case, broadly includes audit, monitoring and detection, comes last. It seems to be fairly in line with common sense: you audit the controls after you put them in place; you monitor after you have authentication and authorization taken care of and you detect the...
Hannaford and Sweetbay supermarkets announce compromise of 4.2 million credit and debit cards

2008-03-18 00:07:06 by Evan Francen in The Breach Blog

...authorization Evan] Their information security is "among the strongest in the industry"? Here is a hint as to how the information was illegally obtained, "during transmission of card authorization The intrusion affected Hannaford stores, Sweetbay stores in Florida and certain independently-owned retail locations in the Northeast that carry...
Another Strategy for Getting Started with Application Security

2008-01-09 19:50:00 by Security Retentive in Security Retentive
 
...authorization scheme across all of the applications. I managed to get them to settle on doing a quasi-RBAC with Siteminder, using it almost as an identity service as well. Settling on one common high-quality authentication and authorization tool/framework had three effects. It removed these services from the realm of development. They just...
Web Email Exploitation Kit in the Wild

2008-04-16 13:42:23 by HASH0x8ab1c88 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...authorization to enter the mail. Thus the use of the script is that you choose a template-XSS (code bypassing security filters for your desired mail server) on which the attack would take place, complete the fields for a minimum of sending letters (sender, recipient, the subject, message) and choose Type of stuffing: 1) your own javascript code...
Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
...Authorization Daniel Sandler and Dan S. Wallach. must die Daniel presented some good ideas on how to move password authentication into the browser chrome to improve our defenses against javascript malware such as javascript keyloggers, etc. While the work Daniel did was quite cool in that it doesn't require any protocol modifications, to be...
Convergence of Access and Information Policies

2007-07-10 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast
 
...Authorization Management. The model that most people described at the conference still segments authentication from authorization and does not tend to talk about policy on the information itself
S&K Menswear two-phased attack

2008-01-03 10:40:36 by Evan Francen in The Breach Blog

...authorization. S&K became aware of the unauthorized access after reports of fictitious spear phishing emails began circulating in which the attacker requested the CVV2 codes to match the credit card numbers. It is unknown how many customers were duped by the second phase of the attack Reference URL New Hampshire Attorney General Breach...