Tips
Building security into the SDLC (Software development life cycle)
-
The complexities of mashup development
Web services mashups can enhance application function. However, there are some security and legal issues you should be aware of.
-
Shell script security: Protecting your code
Shell scripts are vulnerable to bugs and exploits, like code in any other programming language. Learn how to secure your script and protect your applications with these tips from James Turnbull.
-
Challenges of two-factor authentication
Two-factor authentication offers many security benefits, but can be expensive and ineffective if not implemented carefully. In order to secure your apps, choose your authentication methods and tools wisely.
-
The importance of input validation
Web applications are vulnerable if you don't practice input validation. Learn how to prevent application attacks such as buffer overflow, SQL injection and cross-site scripting.
-
Buffer overflow tools facilitate application testing
Web applications are the conduit for buffer overflow attacks on the Web server. As such, it's imperative to make sure your applications cannot be exploited. These tools can help you out.
-
Hacking for Dummies -- Chapter 16, Web applications
Web application security is the subject of this free book excerpt. Kevin Beaver reviews application vulnerabilities, exploits, malware and countermeasures. Application hacks covered include insecure login mechanisms, directory traversal attacks and ...
-
Find Ajax security flaws using tests
Ajax security problems can be found by doing manual tests. What should you look for in order to prevent an attack? Andres Andreu provides some advice in this tip excerpted from the book Professional Pen Testing for Web Applications.
-
Integrating application security with application delivery
Application security should be integrated when planning your application infrastructure and investing in software development and equipment, Amir Peles warns. Neglecting application security leaves your applications open to exploits.
-
SQL injection: Secure your Web applications
SQL injection exploits wreak havoc on vulnerable Web sites. Expert Caleb Sima explains how to protect your applications against these popular and destructive injection attacks.
-
Software patching principle
Even if a company does all that it can to create perfect software, inevitably some vulnerabilities slip by. That's why it's essential to have an incident response process, as well as a plan for software patching.
-
CRLF injection attacks: How they work and what to do about them
CRLF injection exploits aren't as famous as SQL or LDAP injections, but they're just as damaging to vulnerable applications. Learn how this attack works and what you can do to defend your apps.
-
Adding 'fudge' to your passwords
Safe passwords are integral to Web application security. Unfortunately, recalling many complicated passwords is difficult. If you must write down your passwords to remember them, use this tip to create a safer password record.
-
Secure applications require security-aware end users
Having secure applications requires more than eliminating vulnerabilities in your code. Columnist Ken Salchow Jr. says end users must also understand that their actions can have serious security repercussions -- and companies need to provide ...
-
Ajax in Action -- Chapter 7, Security and Ajax
"Security and Ajax" looks at the issue of security in Ajax from a number of angles. Ajax is a Web technology and many of the issues that it faces are no different from any other Web app. This chapter covers the basic ground, concentrating on ...
-
Input Validation Attacks -- Chapter 6, Hacking Exposed Web Applications, Second Edition
Input validation routines serve as a first line of defense for a Web application. Buffer overflow, directory traversal, cross-site scripting and SQL injection are just a few of the attacks that can result from improper data validation. This chapter ...