Google has released the tool it uses internally for checking security issues in web applications as open source. Ratproxy is the name of the devil, released under an Apache 2.0 software...
Openings with Honeywell - B'lore for Application Security. Job Description: 8 - 10 years of experience in application security. Practicing/expert-level security tester. Experience in leading security...
For more info on latest job openings and other career related information visit my site
In the past 5 days I came across 3 examples which proved that too much functional complexity can backfire in terms of business competitiveness and security: The car example - I read an AutoBild 100,000 km test of the BMW 7 series. Their biggest complaint was the iDrive system (no relation to Apple). BMW's idea was that a single computer interface would replace the arrays of buttons and dials on the central console of the dashboard (from radio to suspension settings). The initial version of the iDrive system was so complex that it became a nightmare for the driver to use. The end result: a very expensive car that is difficult to use, and sometimes even dangerous, since the driver is focusing on the iDrive instead of the road. The phone example - My 2.5-year-old son loves to play with my cell
Our thinking about security starts with operating system security and network security, or sometimes we think about Internet browser security. While browsing the Internet we only check whether our antivirus program has the latest security updates and whether the firewall is working. But do all these things solve our security concerns? No, because there [...]
Application security in IIS involves the following processes:

Enabling or disabling Web Service Extensions (WSE): To run dynamic Web applications on IIS, you first have to use the Web Service Extensions node in IIS Manager to allow or prohibit the Web service extensions listed below:
ASP
ASP.NET
ISAPI Extensions
CGI Extensions
FrontPage Server Extensions 2000 and 2002
Internet Data Connector
WebDAV support
To access the Web Service Extensions (WSE), open the IIS Manager and select the Web Service Extensions node.

Specifying execute permissions for applications: These permissions enable applications in websites and virtual directories to execute/run.

Setting up application pool identities: Application pool identities are configured to control the manner in which worker processes s
This article discusses the top vulnerabilities in a two-tier thick client application. A thick client is defined as an application client that processes data in addition to rendering it. An example of a thick client application would be a VB.NET or Java Swing application that communicates with a database. I have generally observed that these types of applications have weak access controls, weak authentication management, information disclosure, improper error handling or application crashes. It is interesting to note that most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities are as applicable to thick client applications as they are to web applications. Let us map them for simplicity.

Sr | OWASP Top 10 (Web Apps) | Thick Client
1 | Unvalidated Input | Unvalidated Input
2 | Broken Access Control | Broken Access Control
3 | Broken Authentication & Session Management | Weak Authen
Selenium JavaScript Web Application Security Testing Tool. Among good secure-development practices is the use of various testing tools for applications. For web development we have Selenium, an open source tool that stands out for its processing speed; the software runs directly in the web browser, loads the test scripts and checks them one by one, producing a table of results at the end. This tool works with online applications and is multi-language (Java, PHP, .NET, Perl, others), supports complex DHTML pages, JavaScript functionality and AJAX calls, and also allows easy and fast testing of complex Web 2.0 applications. Selenium has two basic ways of working: - Selenium IDE: via the Firefox browser, so that you record your actions and then replay them. You create functional tests without programming anything, but they are somewhat rigid. - Selenium RC: programming the tests. Los tes
“Wisdom comes from experience. Experience comes from making mistakes.” Just how true that statement is: one does learn an awful lot from one’s mistakes. Here are some of the practices. 1. Ensure that all text and all files sent by the user (all of them) are safe for your system. 2. Ensure that all personalized SQL [...]
The authoritative guide to implementing fundamental security principles in .NET applications. This guide helps you design, build, and configure hack-resilient Web applications that reduce the likelihood of successful attacks.