-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
- See More: Essential Knowledge on Internet Application Security
-
Consumerization, cloud computing and HTML 5: The future of the smartphone
"Smartphone" author Majeed Ahmad discusses present and future smartphone trends, including growing consumerization, democratization in the IT world, cloud computing and HTML 5. CIOs and other information technology buyers in the enterprise can examin... News | 27 Jan 2012
-
Why smartphones play key role in “enterprise-ation” of mobile computing
Explore smartphone and mobile computing technologies and services with expert Majeed Ahmad, author of a new book, Smartphone. News | 27 Jan 2012
-
Real-time performance monitoring for mobile apps
Mobile ALM provider Keynote DeviceAnywhere and TomTom announced a partnership that enables real-time performance monitoring for TomTom mobile devices. This solution uses a cloud-based platform and provides developers with constant monitoring as well ... News | 17 Oct 2011
-
SQL injection flaw is a welcome mat for black hats on file-sharing site
Recently, a group of hackers was able to gain access to users' personal files on a file-sharing site via SQL injection flaws. The group was able to view and edit personal information, further proving that SQL injection is a major problem. News | 08 Jul 2010
-
Independence Day hackers make short work of YouTube's XSS prevention measures
Over the holiday weekend, a group of black hat users managed to shut down YouTube's comment fields by plaguing unsuspecting users with adult content through an XSS weakness. News | 07 Jul 2010
-
JBoss lightens up its next generation platform
Red Hat introduces a new programming platform for upcoming next-generation Java applications. Red Hat's three new products target diverse web applications in the multiple Java formats. This new platform will be able to communicate in various programmin... Article | 02 Jun 2009
-
Application security shouldn't involve duct tape, Band-Aids or bubble gum
By applying a multilayered approach to application security throughout the SDLC, software ships more securely, closer to the scheduled delivery date and closer to anticipated cost. How do you do that? Joe Basirico, a senior security trainer at Securi... Article | 15 May 2007
-
Top Web application security threats for 2007
Web application threats increased significantly in 2006, and they aren't expected to let up. SPI Dynamics identifies which Web application trends will be security concerns in 2007. Article | 07 Dec 2006
-
One simple rule to make your Web apps more secure
If there's one thing developers should do to increase Web applications security, it's input validation, according to Caleb Sima, founder and CTO of SPI Dynamics. In this interview, he discusses the most dangerous threats to Web applications, such as ... Interview | 19 Oct 2006
-
Prevent application logic attacks with sound app security practices
Application logic attacks are common, dangerous and difficult to detect. In this interview, expert Rami Jaamour defines and analyzes logic attacks and provides in-depth security advice. As these threats become more popular, it is imperative to unders... Interview | 30 Aug 2006
- See More: News on Internet Application Security
-
Building software security testing skills for managers
Security expert John Overbaugh describes how managers can foster the professional growth of employees by helping them get the training they need to become skilled security testers. Tip
-
Wireframing tools for tablets and other mobile devices
Software consultant Nari Kannan discusses wireframing tools that help mobile and tablet app designers mock up and lay out workflow and user interface designs. Tip
-
Software security: Four lessons testers should learn from Stuxnet
In this tip, security expert John Overbaugh points out four areas of security that were compromised with the Stuxnet virus: physical security, patching, design and implementation. Security testers will know better how they can prevent such a virus fr... Tip
-
Embedded software: Testing for the most common defects
By researching the types of bugs found in embedded software systems, Invision consultant Jon Hagar has created an embedded software error taxonomy of the most common defects in four different embedded software domain areas. Tip
-
Application security: Testing for insecure file references
Insecure file references are considered a significant security risk of Web applications. In this tip, security expert John Overbaugh explains this attack and gives instructions on how you can test for and detect this vulnerability. Tip
-
Change notifications: Think big. Think social media.
In this tip, SSQ contributor Kay Diller suggests the use of firewall-protected social media to inform your organization of changes. Tip
-
The cloud: Does it fit into your business model?
In this tip, SSQ contributor David W. Johnson discusses four factors that will help you determine whether investing in cloud computing is appropriate for your business. Tip
-
Test automation: Three approaches to browser testing
Test automation when working with Web browsers can present challenges, such as slowly loading pages, checking for sorted data, and testing static data. In this tip, SSQ contributor Chris McMahon describes these problems and how they can be addressed ... Tip
-
Application development: Security that won't weaken performance
Security is important, but what happens when adding code to address security affects performance or usability? In this tip, SSQ contributor Crystal Bedell gives three best practices experts recommend for ensuring your application is secure, while sti... Tip
-
Overcoming the challenges of cross-site scripting testing
Cross-site scripting (XSS) is the most common security vulnerability in the Internet today. In this tip, security expert John Overbaugh will explain what XSS is and will show techniques to test for these types of attacks. By using a combination of co... Tip
- See More: Tips on Internet Application Security
-
Social media in business: Security versus function
ALM expert Kevin Parker discusses the importance of security and offers some tips to business leaders in this response. Answer
-
Confronting security challenges facing social networking sites
According to application security expert John Overbaugh, the two top security concerns for social networking sites are application functionality and account privacy. Answer
-
Application security: Using social media and collaboration tools
Social media and collaborative tools are increasingly being used on professional teams, as discussed in this expert response. Here John Overbaugh explores the potential uses of specific social media applications for security team members. Answer
-
Data protection for non-sensitive and sensitive information
Expert John Overbaugh defines security as confidentiality, integrity and availability of information across systems and applications. Read this response for an explanation of security concerns for all applications. Answer
-
Weighing application security strategy options
Security is frequently a trade-off between "convenience" and security. In this response, expert John Overbaugh weighs the available security strategy options with performance objectives. Answer
-
Security tester roles in secure development lifecycle (SDL)
Some people may be surprised to learn that security testers are integral to nearly every phase of the secure development lifecycle. Answer
-
Strategies for ensuring embedded software security
All software developers have ongoing challenges with application security, and embedded software is no exception. What steps can be taken to protect embedded software applications? Answer
-
Do embedded systems require extra security testing?
While embedded software applications may not necessarily require more security testing than other applications, there are special considerations that developers must keep in mind when working with embedded systems. Answer
-
What does "security testing" of my application actually mean?
What does a manager mean by "security testing"? In this response, expert Pete Walen offers insights into the broad category of application security testing and also recommends asking for clarification about the needs for your specific project. Answer
-
How to best security test your applications: Collaboration and outsourcing
Security testing is an important factor in the application development process, and fortunately there are specialists who work to ensure that applications are as secure as possible. However, it can be difficult to know when it is necessary to outsour... Answer
- See More: Expert Advice on Internet Application Security
-
Jason Huggins demos software testing improvements at STPCon 2011
Watch this STPCon 2011 video of Jason Huggins of Selenium and Sauce Labs, in which he gives some information about his conference demonstration. He relates software testing improvement ideas to his handmade robot that can play Angry Birds on an iPhon... Video
-
Injection attacks -- Knowledge and prevention
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast. Podcasts
-
Testing web services with soapUI
In this article, Mike Kelly details the finer points of web services testing using soapUI. Tutorial
- See More: All on Internet Application Security
About Internet Application Security
Web and rich Internet application security testing services can be used to detect security issues with Web applications and identify vulnerabilities. These vulnerabilities may be known vulnerabilities in custom off-the-shelf applications, technical vulnerabilities or business logic errors. Technical vulnerabilities include URL manipulation, SQL injection, cross-site scripting, back-end authentication, passwords in memory, session hijacking, buffer overflows, Web server configuration, credential management and clickjacking. Business logic errors include day-to-day threat analysis, unauthorized logins, personal information modification, price list modification, unauthorized funds transfer and breach of customer trust.