Palisade Magazine

Palisade Authors

Abhishek Kumar

• Integrating Smart Cards in Web Applications
  The smarter way of authenticating your application users

Ajish T John

• Firewall Rulebase Cleanup - A manual approach
  Get to know the best practices for cleaning up your firewall rulebase

Amar Bhosale

• Top 5 iOS Application Security Flaws
  Here are the most common mistakes made by iOS application developers

Amirthamurugaraj

• My Website is infected with Malware - What's next?
  Know what you need to do once your website is infected with malware

Andres Desa

• Of Captchas, Gimpys and BaffleText …
  Stopping automated bots dead in their tracks

Anoop Mangla

• Distributed Reflection Denial of Service: A Bandwidth Attack
  How distributed reflection denial of service attacks work
• Two Factor Authentication
  We discuss various two factor authentication mechanism

Arvind Doraiswamy

• Browser Plugin Security
  Get to know the basics of browser plugins and their insecurities
• Malware - Spreading and Mitigation
  Learn and understand how malware spreads and how to protect yourself against it
• Virtualization – the promised land?
  Is virtualization the magic bullet to solve all our security problems?
• Wireless Security - Cracking WEP
  How an adversary goes about trying to crack WEP
• Wireless Security - How WEP works
  Learn about the working of WEP in detail as an encryption technique on wireless networks

Ashish Kumar

• Secret Questions – A soft target
  Get to know the weaknesses in a common challenge question and answers feature of an application

Ashish Rao

• Control Flow Myths busted in Java
  Here is our attempt to break some of the common myths in java programming world
• Watchful File Upload
  How to best achieve programmatic validation against uploaded files

Avinaash Acharya

• Securing PHP using Hardening Patch and Suhosin
  Learn how to secure php applications using hardening patches

Balaji V

• NERC CIP Standards for Bulk Electric System SCADA Networks
  Learn about the NERC CIP standards for Bulk Electric Systems in a crisp
• Securing a SCADA network - Part II
  Learn about the vulnerabilities affecting SCADA networks
• Securing a SCADA network - Part I
  Understand the security concerns and challenges in a SCADA network
• Wi-Fi Protected Access
  Wi-Fi Protected Access (WPA) is the most popular security mechanism used in Wireless LANs. It is based on standards and interoperates across vendors.
• Application Penetration Tester's Toolkit
  In this article series, we will be looking at some of the tools used for application penetration testing
• Session Riding Attacks
  Learn about how session riding attacks take place and how to defend against them
• Thick Client Application Security - Defenses
  Balaji discusses the defense mechanisms available to tackle attacks on thick client applications
• Thick Client Application Security - Attacks
  Attack vectors and tools for thick clients
• Defeating Bots with CAPTCHAs
  stopping bots in their tracks using CAPTCHAs
• Using browser refresh to expose passwords
  Exploring the vulnerabilities arising out of the use of back, forward and refresh buttons.
• Google Hacking - Is your web application secure?
  Techniques used in google-hacking and how to safeguard web applications from this.

Bhaven Haria

• Understanding SSL VPN
  Learn about the increasingly popular form of VPN and a few of its advantages and concerns.

D.P. Dube

• Design Basis for a Banking Fraud Risk Management (BFRM) Solution
  Get to know the factors to consider when establishing a fraud risk management solution

Deepu Thomas Philip

• Implementing Password Recovery
  Best practices on implementing password recovery features

Dinesh Shetty

• Android vs. iOS: Security Comparison
  Compare the security features available in Android and iOS platforms
• Demystifying the Android Malware
  Get to know in-depth about malware infecting the Android platform

Dipesh Rawal

• Application Logs - Security Best Practices
  What to log in an application to allow complete analysis later

Firosh Ummer

• Insecurities in Healthcare Applications
  Learn about the threats faced by today's healthcare applications and how to defend against them

Gaurav Shukla

• Backdoors and Trojans in Applications
  How you can protect your application from future threats.

Giridhar T M

• Controls for Outsourcing Software Development
  Addressing security when outsourcing software development

Harshvardhan Parmar

• Implementing a Secure Forgot Password Solution
  Get to know some of the best practices to implement a secure forgot password solution
• Common Flaws in Forgot Password Implementation
  Learn some of the common mistakes committed when implementing the forgot password feature
• Cookie Attributes and their Importance
  Go back to basics and understand the cookie attributes

Hrishikesh Sivanandhan

• Understanding Encryption Requirements of PCIDSS
  Learn and understand the encryption requirements of PCIDSS

Jaideep Jha

• Flawed Authentication System Implementation
  Learn about some of the flaws in the implementation of common authentication systems
• Secure coding techniques in ASP.NET - Part 2
  Learn more secure coding practices for ASP.NET applications
• ASP Session Cookies
  Solution for changing session cookies in ASP applications

Jose Varghese

• Back to Basics: Internet Cookies
  Get to know the basics of internet cookies and how they store information
• Back to Basics: Http Essentials
  Get to know some of the basic concepts on caching in our HTTP essentials series
• Anti-phishing - Incident Response
  Prepare yourself to respond to a successful phishing attack against your website by following these steps.
• Anti-Phishing Techniques - Detection Measures
  Read about the various techniques for detecting phishing attacks against your websites.
• Anti-Phishing Techniques - Protection Measures
  Get to know the latest in Anti-Phishing Techniques and start protecting your website users
• Selecting Application Security Vendors
  Guidelines on choosing an application security vendor

Kumar Manivel

• Thinking Beyond Security Assessments
  Is having security assessments done enough to protect your applications and infrastrcture

Madhumita Iyer

• Testing Mobile Applications for Security Vulnerabilities
  Read about the different techniques and tools used for mobile application security testing
• Defeating Encryption in Some Thick Clients
  Learn about how to defeat some of the encryption mechanisms used in thick client applications

Manish Chasta

• Insight into Web Application Firewalls - Part 2
  Learn about the configuration options on a WAF and the use of Regular Expressions to create rules
• Insight into Web Application Firewalls - Part 1
  Read about how to setup the Mod_Security web application firewall on a Apache server

Manu Puthumana

• Source Code Analyzers
  Securing against code security flaws in development time

Mayank Somani and Nikhil Sreekumar

• Financial Fraud Analysis of Automated Clearing House - Boon to Doom
  Take a look at how to analyze a fraud in an ACH transaction and measures to prevent it

Nilesh Chaudhari

• Pharming on the Net
  What you need to know about Pharming and Phishing
• PHP Security - Securing the environment
  Securing the PHP Environment

Nilesh Kapoor

• Catching Back Doors through Code Reviews
  Know how to identify backdoors through application source code reviews

Paresh Amin

• Measuring the Value of Remote Application Security Testing
  Learn how to measure the value of application security testing

Prashant Gawade

• HTTP Request Smuggling
  A short introduction to a new attack vector for web applications
• Cryptanalysis: Collision attack in Hashing
  Hashing algorithms that are vulnerable to collision attacks and how difficult it is to execute the attacks.

Prashant Verma

• Benefits of Mobile Application Code Reviews
  Get to know the benefits of code review for mobile applications
• Mobile Application Testing
  Here are some of the important aspects to focus when carrying out a mobile application test
• Single Sign-On Implementation Flaws
  Learn about the flaws in the default implementation of Single Sign-On Authentication Systems
• Security Review of PeopleSoft Custom Code
  Understand the basic approach to security code review of a PeopleSoft HRMS
• Basics of Forensics Log Analysis
  Get to know the basics of forensic log analysis

Priyali Vibhute

• Security Enhancements in Visual C++
  Introduction to security enhancements in Visual C++ by way of functions and switches
• Encrypting data in Databases
  How database encrytion can enhance the security of our data

Rajesh Gopinath

• JavaScripts to Enhance Website Security
  Here are some javascripts to improve your website security
• Meeting compliance requirements through application & network penetration tests and code reviews
  Learn about how application and network penetration tests addresses compliance requirements
• SAP Baseline Security Audit
  Here we discuss some the baseline checks we cover in a SAP security audit

Rajesh Jose

• Preventing Buffer Overflows
  Methods on protecting against the most common attack technique

Reena Agarwal

• Top 5 Secure Coding Tips for PHP applications
  Here are some useful tips to develop secure PHP applications

Roshen Chandran

• Database Links Security
  
• Defend against Reverse Engineering
  Using hardware tokens to protect your intellectual property
• Phishing Questions
  Here we answer some of the questions raised by readers on our phishing series
• SaaS Security Testing - The Challenges
  Learn about the challenges involved in securing SaaS
• Smart Questions for Customer Reference Checks
  Find out what are the questions you can address when conducting customer reference checks.
• 5 Tips for Securing Software as a Service
  Some excerpts from our experiences on security testing of SaaS applications
• Securely Webifying Applications
  An executive briefing on the most common mistakes from the field
• Are Complex Passwords Really Necessary?
  Learn about complex passwords and what do they protect and what they dont.
• Catch'em Young - How to discover vulnerabilities early
  Addressing software bugs in the early stages of software development
• Security at Software Requirements Specification
  Security from the Requirements Specifications stage onwards
• Automated Application Vulnerability Scanners
  The role of automated scanners in Application Security Testing
• Authentication - Security Best Practices
  Ten good practices to secure the authentication system

Runa Dwibedi

• XPath injection in XML databases
  How XPath queries can be manipulated to access sensitive information in XML databases.

Sachin Shetty

• Security in SMS Banking
  Mitigating vulnerabilities in the SMS banking environment
• SMS Banking
  Understanding a typical SMS banking setup
• Fighting Keyloggers
  All about keyloggers and how to prevent them from capturing data

Sachin Varghese

• Log Monitoring and Malware Scanning: Stay Ahead of the Threat Curve
  Read about how to address the latest threats to applications
• Selecting Application Security Vendors – Part II
  See if the guidelines to select an application security vendor have changed over the past four years

Sam Varughese

• The reign of bots
  How a network of bots, or automated programs, can be used to do much more than a DDoS
• Rainbow Cracking and Password Security
  This article presents the recent rainbow table attacks on password hashes
• Security Reverse Proxy
  Protecting web applications in real-time

Sangita Pakala

• Evolution of Authentication in Web Applications
  Understand the pros and cons of various authentication schemes used in web applications
• The Payment Application Data Security Standard (PA DSS)
  Learn about the new Payment Application Data Security Standard
• LinkDemand and InheritanceDemand
  Best Practices for LinkDemand and InheritanceDemand
• Assert Safely: How to use .Net's Assert wisely
  how to use a powerful feature of .NET securely: the assert security action.
• Secure your sessions with Page Tokens
  How page tokens can enhance the security of applications beyond regular session tokens
• Datamonitor Survey on Software Security Testing
  Studying the security testing trends among 68 Independent Software Vendors.
• Same User, Different Privileges
  Options to consider when assigning different privilege levels to same user
• Passwords - In Memory Still Green
  How passwords can get stolen inspite of encryption
• Threat Modeling
  A Proactive Approach to Security

Sanjeev Verma

• Cloud Computing Security
  Learn about the different cloud computing service models and security issues

Santosh Jadhav

• Web Services Security - The Basics
  Get to know some of the concepts of Web Service Security
• Virtual Keyboard and the Fight Against Keyloggers
  Learn the different techniques to defend against keyloggers

Santosh Kumar

• Are stored procedures safe against SQL injection?
  Let's check if one of the most widely used attack techniques are successful on SQL stored procedures

Sapna Satish

• CSRF - The hidden menace
  See how CSRF can affect web applications

Shah Nawaz

• Browser Hijackers
  How someone can hijack your browsing experience and how you can take precautions
• Security issues in 'Remember Me' feature
  How passwords stored in web browsers are vulnerable to exposure

Shaheem Motlekar

• Interviewing software developers
  Quizzing your developers on application security
• Security Architecture for Multi-Tier Applications
  We consider the most common breakdown of a tiered application - Presentation, Business Logic and Data
• Introduction to Code Obfuscation
  Security through obscurity? It does have some advantages.
• Training your Developers
  Two pronged approach to training developers on safer applications

Shalini Gupta

• More on dodging spiders
  Learn what more techniques can be used to prevent spiders from crawling on the sensitive pages of your websites.
• Dodging the spiders
  Tackle the nuisance of spiders on your website in this two part series
• Implementing SSL
  Implementing SSL on your webserver
• Understanding SSL
  How SSL works, what it protects, what it does not protect against.

Siddharth Anbalahan

• Secure coding techniques in ASP.NET - Part 1
  Get to know the secure coding practices for developing ASP.NET applications
• Cache Control Directives Demystified
  Get to know how to use the different cache control attributes
• Common mistakes in two-tier applications
  we look at some of the common mistakes made in configuring and developing two-tier applications
• Securing Web Based Payment Systems
  We shall look at some of the risks involved in Internet-based payment systems
• Securing IIS Web Servers
  Make use of these security enhancements in IIS 6.0 to secure your web servers.
• Securing Apache Web Servers
  Secure your apache web servers with these secure configuration settings

Sonali Gupta

• Code Obfuscation Part 3 - Hiding Control Flows
  We look at control obfuscation, a class of obfuscation techniques that targets the control flow in a program
• Code Obfuscation - Part 2: Obfuscating Data Structures
  Sonali presents the different methods of data obfuscation with examples and also analyzes their quality
• Code Obfuscation
  Introduction to code obfuscation techniques and evaluating their qualities
• Steganalysis
  Techniques for extracting hidden data from stego-objects
• All About Steganography
  All about Steganography and how it can be used
• Securing Database Connection Strings
  A security cordon is only as strong as its weakest link

Sourabh Saxena

• URL Redirection Flaw
  How attackers use redirection flaws to trick users.

Sreenarayan A

• Mobile Phone Data Encryption – Why is it necessary?
  Learn the necessity to encrypt the data stored on mobile phones

Sudhindhar J

• An Attack Response Model for a Network Compromise
  Create an attack response model for your network

Suraj Sankaran

• Mobile Banking - Threats and Mitigation
  Let's have a look at the threats faced by mobile banking solutions
• Mobile Banking Architecture
  The author presents two popular mobile banking architectures and dives into the exchange of messages between the components

Terence Cornelius

• Best Practices for Protecting Banking Sites
  Follow these best practices to protect your banking websites
• Approach to Business Impact Analysis
  Learn about an effective approach to conducting a business impact analysis in your organization

Vaibhav Sonawane

• Bypass XSS filters using data URIs
  Discover the various data URIs that can be used in Cross-Site Scripting attacks

Varun Chaudhry

• Securing Documents in Web Applications
  Serving non-html documents to authenticated users

Vikram GR

• Defeat SSL Using Null Prefix Attack
  Learn about the null prefix attack that targets SSL certificates
• Malware Infection on Websites
  Learn about how to detect and remove malware that infects your websites

Vivek Shetti

• Why Static Analysis?
  Know more about static analysis and what you can get out of it