SEARCH RESULTS
 
Showing 1-10 of 49 records
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...expose flaws in the application. Our vulnerability testing tool enumerates a web application's URLs and corresponding input parameters. It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes the resulting responses for evidence of such vulnerabilities. Although it started out as...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

Identity Framework Probable Feature List

The Article has images
2007-12-16 06:42:00 by Keith Brown in Security Briefs
...expose your STS using WCF Fx supplies a custom ServiceHostFactory (currently called WindowsInformationCardServiceHostFactory This allows you to create a .SVC file for a WCF endpoint to expose your STS Fx supplies an HttpModule for the traditional ASP.NET authentiation pipeline According to Vittorio, this "automates a lot of the validation...
 
Tags: informationcard login control, login control, information card serializer, information, control, user authentication methods, user, custom sts, card
 
 
 
 
Expand article

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...exposes risk based on implementation deficiencies 3) Deployment vulnerabilities software that was misconfigured in deployment as to expose risk that might have been prevented by other configurations Lets talk about each of these in the context of Common Criteria For classes of products where protection profiles (PP) have been defined, CC...
 
Tags: criteria, fails, common criteria fails, common criteria, common criteria arguably, common, arguably, arguably deficient, security
 
 
 
 
Expand article

Personal information stolen from Georgia DHR

The Article has images
2008-03-27 15:51:45 by Evan Francen in The Breach Blog
...expose personal employee information Reference URL Georgia Department of Human Resources The Lincoln Journal Report Credit Georgia Department of Human Resources Response From the online sources cited above The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of...
 
Tags: georgia dhr, dhr, georgia, information, agency, agency urges employees, georgia law, georgia department, employees
 
 
 
 
Expand article

Malicious Doorways Redirecting to Malware

The Article has images
2008-06-16 03:51:11 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...expose all the campaigns, it makes the investigation easier tubeuniverses.com/teen/index.php?id=1883 - (78.108.177.99 new-content-s2008.com/freemovie/938/0/ - (72.21.53.218 teens.0bucksforpornmovie.com/?id=4199 - (64.28.181.28 getadultaccess.com/movie/?aff=5310 - (200.63.46.84 hqtube.com/?7014000000 - (88.85.66.116...
 
Tags: malicious, doorways, malicious doorways, malicious content, single sentence, single, single malicious domain, doorway, malicious doorway
 
 
 
 
Expand article

Fake Celebrity Video Sites Serving Malware

The Article has images
2008-06-20 06:58:44 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...expose another massive SQL injection, reveal several blackhat SEO domain farms, let you obtain fresh Zlob malware variants, and point you to the very latest and undetected rogue software if you manage to expose the entire scammy ecosystem through all the redirections put in place to make it harder to get to the bottom of it What's important...
 
Tags: malware, blackhat seo-ers, blackhat seo, net, malware authors, malware authors efficiency, blackhat seo operation, info, blackhat
 
 
 
 
Expand article

Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...exposed unnecessary services, libraries expose unnecessary code. Lets say you installed Dojo to simplify the process of creating an HTML table with rows and columns that can be sorted on demand. Did you remember to remove all the .js files you didnt need? Or maybe you installed Axis or DWR or anything else that has its own Servlet(s) for...
 
Tags: attack surface, custom web applications, web, services, prevent unnecessary services, unnecessary services, security, third-party libraries, fix security holes
 
 
 
 
Expand article

Risk Management Lessons from the Mortgage Meltdown

2007-12-14 16:54:17 by Chris McClean in Security & Risk Management
 
...expose companies demonstrating poor risk management strategies or a lack of commitment to all stakeholders. Case in point, the Wall Street Journal questioned how clients will ultimately react knowing that Goldman Sachs profited greatly by betting against products the company continued to sell them Widespread risk management failures will get...
 
Tags: risk, risk exposure, risk management decisions, intelligent risk, risk-savvy media, risk management professionals, goldman sachs, goldman sachs performance, risk management information
 
 
 
 
Expand article

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...expose the cracks in a process in the same way as asking everyone to participate Getting Started The first problem with the threat modeling process is that there are a lot of processes. People, eager to threat model, had a number of TM processes to choose from, which led to confusion. If youre a security expert, you might be able to select...
 
Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process