Openings with Honeywell - B'lore for Application Security. Job Description: 8 - 10 years of experience in application security. Practicing/Expert Level Security tester. Experience in leading security...
For more info on latest job openings and other career related information visit my site
In the past 5 days I came across 3 examples which proved that too much functional complexity can backfire in terms of business competitiveness and security:

The car example - I read an AutoBild 100,000 km test of the BMW series 7. Their biggest complaint was the iDrive system (no relation to Apple). The idea of BMW was that a single computer interface would replace the arrays of buttons and dials on the central console of the dashboard (from radio to suspension setting). The initial version of the iDrive system was so complex that it became a nightmare for the driver to use. The end result: a very expensive car that is difficult to use, and sometimes even dangerous since the driver is focusing on the iDrive instead of the road.

The phone example - My 2.5 year old son loves to play with my cell
Our thinking about security starts with operating system security, network security, or sometimes Internet browser security. While browsing the Internet we only check whether our antivirus program is updated with the latest security updates and whether the firewall is working. But do all these things solve our security concerns? No, because there [...]
Application security in IIS involves the following processes:

Enabling or disabling Web Service Extensions (WSE): To run dynamic Web applications on IIS, you first have to use the Web Service Extensions node in IIS Manager to allow or prohibit the Web service extensions listed below:
- ASP
- ASP.NET
- ISAPI Extensions
- CGI Extensions
- FrontPage Server Extensions 2000 and 2002
- Internet Data Connector
- WebDAV support

To access the Web Service Extensions (WSE):
1. Open the IIS Manager
2. Select the Web Service Extensions node

Specifying execute permissions for applications: These permissions enable applications in websites and virtual directories to execute/run.

Setting up application pool identities: Application pool identities are configured to control the manner in which worker processes s
This article discusses the top vulnerabilities in a two-tier thick client application. A thick client is defined as an application client that processes data in addition to rendering it. An example of a thick client application would be a VB.NET or Java Swing application that communicates with a database. I have generally observed that these types of applications have weak access controls, weak authentication management, information disclosure, improper error handling or application crashes. It is interesting to note that most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities are as applicable to thick client applications as they are to web applications. Let us map them for simplicity.

Sr | OWASP Top 10 (Web Apps)                    | Thick Client
1  | Unvalidated Input                          | Unvalidated Input
2  | Broken Access Control                      | Broken Access Control
3  | Broken Authentication & Session Management | Weak Authen
“Wisdom comes from experience. Experience comes from making mistakes.” Just how true that statement was – one does learn an awful lot from one’s mistakes. Here are some of the practices.
1. Ensure that all text and all files sent by the user—all—are safe for your system.
2. Ensure that all personalized SQL [...]
The authoritative guide to implementing fundamental security principles in .NET applications. This guide helps you design, build, and configure hack-resilient Web applications that reduce the likelihood of successful attacks.