SEARCH RESULTS
 
Showing 1-3 of 3 records

Minimizing the Attack Surface, Part 2

2008-07-07 21:10:25 by Chris Eng in Zero in a bit
 
...whitelist using a point-in-time application profile, doesn't this create the same maintenance headache as the reviled WAF? It doesn't have to. Certainly, one option would be to whitelist each and every unique URL that references the DWR framework, e.g dwr/call/plaincall/myMethod1 /dwr/call/plaincall/myMethod2 /dwr/call/plaincall/myMethod3 But...
 
 
 
 
 

Phishing Holes

2008-04-03 21:39:00 by sdl in The Security Development Lifecycle
 
...whitelist of known good domains specified in the application's configuration file. To continue our example, let's say that SomeBank rewrites its application to use the SafeRedirect library and allows only redirects to the domain somebank.com. The new redirection code will look like this SafeRedirect.Redirect(Request.QueryString["p And while the...
 
 
 
 
 

ESoft spam filter goes mobile

2008-06-19 00:00:00 by HASH0x84736d8 in Network World on Security
 
Security appliance developer eSoft has updated its e-mail gateway with the ability for users to spam-file or whitelist e-mails from any device, including a BlackBerry or smartphone. Previously, only Outlook users could train the gateway's Bayesian spam-filter
 
 
 
 
 
 
 
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia