SEARCH RESULTS
 
Showing 1-10 of 934 records
 

Web Services and XML Security Training at OWASP

2008-08-28 08:55:59 by Gunnar Peterson in 1 Raindrop
 
I am teaching Web Services and XML Security training at OWASP's AppSec conference in NYC, Sept 22-23. Web services provide the backbone that integrates many things in the enterprise from application servers, databases, ERP, and CRM. Increasingly we are seeing Web services in more B2C roles with Rest, Federation and other technologies. The class...
 
 
 
 
 

Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
Thursday 5/22 I was at the IEEE Web 2.0 Security and Privacy Workshop. I figured I'd learn a few things, and also make sure that no new exploits were announced against my employer, and/or make sure we weren't the only examples people gave of problems. I was pretty successful on goal #1, not 100% successful on goal #2. This post is mostly brain...
 
 
 
 
 

Web 2.0 Security - The Beginning of the End or The End of the Beginning

2008-05-29 15:26:12 by Gunnar Peterson in 1 Raindrop
Given past performance of software security, it's hard to be optimistic where things are going wrt Web 2.0 security. Granted, when Web 1.0 was built out we did not have the ability to use static analysis to find vulnerabilities, we didn't have good identity standards and so on. So are we at a new beginning where new tools and mechanisms will save...
 
 
 
 
 

Web 2.0 SecureD. DelivereD. :)

2007-10-13 09:29:44 by RaviC in Musings on Information Security
 
Web 2.0 has become a well accepted jargon in the current marketplace. It is a set of new web based technologies that enable building of on-line communities. Web 2.0 is a democracy of user communities [thanks to Paul Graham for his definition]. Web 2.0 gives more power for the users to interact, customize, share and leverage. The democratization of...
 
 
 
 
 

Are you using the latest web browser?

2008-07-16 13:24:00 by Panayiotis Mavrommatis in Google Online Security Blog
Written by Thomas Duebendorfer. In view of mass defacements of hundreds of thousands of web pages - with the intent to misuse them to launch drive-by download attacks - security researchers from ETH Zurich, Google, and IBM Internet Security Systems were interested in looking at the other side of the attack: the web browser. By analyzing the web...
 
 
 
 
 

Web Server Software and Malware

2007-06-05 09:30:00 by Niels Provos in Google Online Security Blog
Posted by Nagendra Modadugu, Anti-Malware Team. In this post, we investigate the distribution of web server software to provide insight into how server software is correlated to servers hosting malware binaries or engaging in drive-by-downloads. We determine server operating system by examining the 'Server:' HTTP header reported by most web...
 
 
 
 
 

Web Site: Security and Trust

2007-01-18 07:10:00 by RaviC in Musings on Information Security
Many of us have this notion that a web site that is accessible securely through https can be trusted. This is not true. Not all the sites that use https can be trusted. Nothing can stop fraudsters from setting up a https web site. Though https offers security it does not offer trust. Trust is a choice that the user has to make consciously. Here...
 
 
 
 
 

Maryland Department of Assessments & Taxation web exposure

2008-01-05 14:02:15 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach
Date Reported: 1/4/08
Organization: State of Maryland
Contractor/Consultant/Branch: Department of Assessments and Taxation; Towson University's Regional Economic Studies Institute
Victims: Maryland residents applying for a homestead tax credit
Number Affected: Unknown; roughly 900 people used the system on the day...
 
 
 
 
 

Excel Spreadsheet on the web exposes Army officers and civilians

2008-04-13 20:23:28 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach
Date Reported: 4/4/08
Organization: United States Army
Contractor/Consultant/Branch: United States Army Acquisition Support Center ("USAASC")
Victims: Colonels and civilians who managed programs within ASC
Number Affected: about two dozen
Types of Data: "name, rank, program and organization" and Social Security...