Library tutorials & articles tagged with security

  • What You Need to Know about PCI Compliance and Web Application Security Policy Changes

    by Michael Sutton

    PCI compliance exists to protect consumers from credit fraud, and their data will be protected if rules are followed. If your business accepts credit cards, you are aware of changes to PCI compliance in June. Adherence to section 6.6 of the PCI compliance rules should have been met; if not, web application security must be integrated into existing applications. This mandate allows businesses to evaluate their security practices. internet, security

  • Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle

    by Caleb Sima

    Improving your Web application development process is one of the best ways to avoid security vulnerabilities and nasty surprises during security assessments. Learn about the points in the software development life cycle where additional security awareness and training is needed to ensure that your organization remains successful and secure. internet, security

  • Web Application Vulnerability Assessment Essentials

    by Caleb Sima

    It is important for a business to understand the fundamentals of running a vulnerability assessment in order to determine how one will be run and what can be expected from the results. A web application security scanner can automate the process, but a quality assessment may still require actual human eyes to catch specific issues. Learn more about the whys and hows of vulnerability assessments. internet, security, web services

  • Top 10 Application Security Vulnerabilities in Web.config Files - Part Two

    by Bryan Sullivan

    In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications. Additionally, find out how to keep configuration files from being unintentionally modified by uninformed programmers or administrators, as well as why it is critical to never rely on default setting values. asp.net, internet, security, web services

  • Top 10 Application Security Vulnerabilities in Web.config Files - Part One

    by Bryan Sullivan

    In part one of this two-part article, you will learn about five of the top ten “worst offenders” among application security misconfigurations that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application. asp.net, internet, security, web services

  • Testing for Security in the Age of Ajax Programming

    by Bryan Sullivan

    Ajax programming, which allows a web page to refresh a small portion of its data from a web server, is an exciting technology that has recently been introduced. However, this type of programming can also leave applications open to SQL injection and similar attacks. Learn more about Ajax programming and what it means in terms of security. internet, security, web services, ajax

  • The Power of Hybrid Application Security Analysis: Increasing the Reliability of Security Testing Results

    by Jason Schmitt

    Developers are beginning to take the important step toward performing security testing before their applications leave their environments. However, it is also important to combine source code analysis with dynamic analysis during security testing, an approach known as hybrid analysis. security, testing

  • Locking the Door behind You: Hacker Protection for Your Web Applications

    by Caleb Sima

    Your Web applications can be the most important and most vulnerable entry point into your organization, and, as such, ensuring adequate hacker protection in your Web applications can be critical. This article discusses some of the issues. internet, security

  • You Want Salt With That?

    by Eric Lippert

    Learn about "security through obscurity", what exactly is this "salt" stuff (in the cryptographic sense, not the chemical sense!), and why it's OK to make salts public knowledge. security

  • SQL Injection Attacks by Example

    by Stephen J. Friedl

    Steve Friedl takes a look at how your site could be vulnerable to SQL injection attacks - complete with numerous examples - and the action you can take to prevent them. php, sql, db, security
