• September 25, 2006

    content spoofing

    Content spoofing is a type of exploit in which an attacker presents a faked or modified Web site to the user as if it were legitimate.

  • September 25, 2006

    XSS prevention in Java

    Cross-site scripting exploits can devastate Java apps. With XSS attacks on the rise, expert Ramesh Nagappan explains how to prevent these exploits in J2EE applications through proper input validation and other methods.

  • September 21, 2006

    Shell script security: Protecting your code

    Shell scripts are as vulnerable to bugs and exploits as code written in any other programming language. Learn how to secure your scripts and protect your applications with these tips from James Turnbull.

  • September 20, 2006

    variable manipulation

    Variable manipulation is a method of specifying or editing variables in a computer program...

  • September 20, 2006

    cross-site tracing (XST)

    Cross-site tracing (XST) is a sophisticated form of cross-site scripting (XSS) that can bypass security countermeasures already put in place to protect against XSS...

  • September 20, 2006

    application firewall

    An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer...

  • September 20, 2006

    Burton: Web application firewall market maturing

    Web application firewalls have improved performance and functionality, but it still takes time, knowledge and skills to implement them, according to a recent Burton Group report. They are not "fire and forget" solutions.

  • September 19, 2006

    Cross-site tracing explained

    Cross-site tracing (XST) is a variant of cross-site scripting (XSS) that abuses the HTTP TRACE method, which echoes the client's request back in the response, so that injected script can read request headers such as cookies. Expert Jeff Williams describes what makes this Web application security exploit unique and offers strategies for prevention.
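The two cross-site tracing entries above describe the mechanism in one sentence each. The following is an added example, not code from the original articles or from the authors cited: it runs two local HTTP servers, one that honours TRACE by echoing the request (the behaviour XST abuses) and one that refuses the method, and probes each with a TRACE carrying a cookie to show which one leaks it. The handler classes, function names, ports and the cookie value are all constructed for this demo.

```python
"""Added example (not from the original articles): cross-site tracing (XST)
shown against two local HTTP servers, one that honours TRACE and one that
refuses it. Runs offline on 127.0.0.1; ports are ephemeral and the cookie
value is constructed for the demo."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class TraceEnabledHandler(BaseHTTPRequestHandler):
    """Server that implements TRACE as RFC 7231 describes it: the request
    line and headers are echoed back in the response body. That echo is what
    XST abuses: script in the victim's browser issues TRACE and reads cookies
    (HttpOnly ones included) or Authorization headers out of the reflection."""

    def do_TRACE(self):
        echoed = f"{self.requestline}\r\n".encode()
        for name, value in self.headers.items():
            echoed += f"{name}: {value}\r\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echoed)))
        self.end_headers()
        self.wfile.write(echoed)

    def log_message(self, *args):  # keep the demo quiet
        pass


class TraceDisabledHandler(BaseHTTPRequestHandler):
    """Hardened server: no do_TRACE, so BaseHTTPRequestHandler answers 501
    (unsupported method). A production server would be configured to deny
    TRACE outright (for example Apache's "TraceEnable off"); the observable
    effect for the probe below is the same."""

    def log_message(self, *args):
        pass


def start_server(handler):
    """Bind an ephemeral port, serve in a daemon thread, return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe_trace(port, cookie):
    """Send a TRACE carrying a session cookie; return (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("TRACE", "/", headers={"Cookie": cookie})
    resp = conn.getresponse()
    body = resp.read().decode(errors="replace")
    conn.close()
    return resp.status, body


def trace_leaks_cookie(port, cookie="session=constructed-demo-token"):
    """The check a tester runs: True if TRACE echoes the cookie back."""
    status, body = probe_trace(port, cookie)
    return status == 200 and cookie in body


def run_demo():
    """Start both servers and report which one reflects the cookie."""
    _, vuln_port = start_server(TraceEnabledHandler)
    _, safe_port = start_server(TraceDisabledHandler)
    return {
        "trace_enabled_leaks": trace_leaks_cookie(vuln_port),   # True
        "hardened_leaks": trace_leaks_cookie(safe_port),        # False
        "hardened_status": probe_trace(safe_port, "a=b")[0],    # 501
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The same probe works against a real host by pointing `probe_trace` at it; a 200 response whose body contains the request headers you sent is the finding, and a 405 or 501 (or a closed connection) is what a hardened server should return. Note that current browsers refuse to issue TRACE from script, so on the client side the attack is largely historical, but TRACE left enabled is still reported because other clients can exploit the reflection.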

  • September 15, 2006

    Making sense of Web services security standards

    Several industry-standard initiatives on Web services security standards are in progress. Expert Ramesh Nagappan reviews some of the most prominent ones and explains their value.

  • September 14, 2006

    Learning Guide: Application security testing techniques

    Testing applications for security purposes is such a basic, important safety measure that most security professionals wouldn't think twice about it. Explore your options for pen testing, vulnerability analysis, fuzzing and more in this application ...

  • September 14, 2006

    Web services security a challenging endeavor

    Web services have introduced new security challenges, some of which existing security mechanisms and technologies do not address. Expert Ramesh Nagappan reviews the known threats to Web services and the countermeasures that protect against them.

  • September 13, 2006

    SAML to remain open

    Ed Tittel discusses how Sun's decision not to enforce its patent on SAML helps the open source ecosystem growing up around XML-based security markup languages.

  • September 08, 2006

    Challenges of two-factor authentication

    Two-factor authentication offers many security benefits, but it can be expensive and ineffective if not implemented carefully. To secure your apps, choose your authentication methods and tools wisely.

  • September 08, 2006

    PCI council formed; revised standard includes app security requirement

    American Express, Discover, JCB, MasterCard and Visa have created an independent PCI standards council. Their first act was to release version 1.1 of the PCI Data Security Standard, which clarifies existing requirements as well as adds a new one for...

  • September 07, 2006

    Higgins Trust Framework (HTF)

    The Higgins Trust Framework (HTF) is an API (application programming interface) that allows end users to store identity information in locations of their choice and share portions of that information anonymously with online vendors and service ...

  • September 06, 2006

    The importance of input validation

    Web applications are vulnerable if you don't practice input validation. Learn how to prevent application attacks such as buffer overflows, SQL injection and cross-site scripting.
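Both the Java XSS entry above and this one name input validation as the first line of defense against injection. The following is an added example, not code from either article or from the authors cited: it pairs allow-list validation with the two controls it has to work alongside, parameterized SQL and output encoding for HTML, and shows the same injection payload succeeding against a string-built query and being rejected by the validated, bound one. The table, rows, regular expression and function names are all constructed for the demo (SQLite in memory stands in for the application's database).

```python
"""Added example (not from the original articles): allow-list input
validation, parameterized SQL and HTML output encoding, exercised against
an in-memory SQLite table built here for the demo."""
import html
import re
import sqlite3

# Allow-list: lowercase letter first, then 2 to 31 of [a-z0-9_]. The length
# cap is the scripting-language analogue of a buffer bound; the character
# set keeps quotes, angle brackets and whitespace out of SQL and HTML.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(raw):
    """Accept only what the application actually needs; reject everything else."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError(f"invalid username: {raw!r}")
    return raw


def make_db():
    """Constructed sample data for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
    ])
    return conn


def vulnerable_lookup(conn, name):
    """String-built query: the input becomes part of the SQL grammar, so
    x' OR '1'='1 turns a one-row lookup into a dump of the whole table."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, name):
    """Validate first, then bind the value so the driver treats it as data."""
    name = validate_username(name)
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting(display_name):
    """Output encoding for the HTML body context. Validation alone is not
    enough for fields that legitimately contain characters special to HTML,
    so the value is escaped at the point it is written into the page."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


def run_demo():
    """Run the injection payload against both lookups and encode an XSS probe."""
    conn = make_db()
    payload = "x' OR '1'='1"
    results = {
        "injected_rows": len(vulnerable_lookup(conn, payload)),  # 2: whole table
        "safe_rows": len(safe_lookup(conn, "alice")),           # 1
        "payload_rejected": False,
        "greeting": render_greeting("<script>alert(1)</script>"),
    }
    try:
        safe_lookup(conn, payload)
    except ValueError:
        results["payload_rejected"] = True                      # True
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The order matters: validation rejects input that has no business reaching the query, parameter binding makes sure that whatever does reach it can only be a value, and encoding is applied per output context (HTML body here; attributes, JavaScript and URLs each need their own) rather than once on the way in.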

  • September 06, 2006

    Creating a secure login page with Java

    Strong authentication and session security are the foundation of a secure Java login page. Expert Ramesh Nagappan explores the security technology and best practices behind robust login sites.