Palisade Magazine

 
Passwords - In Memory Still Green

August 2004

Passwords - In Memory Still Green

by Sangita Pakala, GCIH

Passwords are the keys to applications. Any user will want to protect his/her password from others, especially attackers. That is a good practice, but is not enough.… more →

Automated Application Vulnerability Scanners

by Roshen Chandran, CISSP

Organizations have been looking at Application Vulnerability Scanners to automate the task of assessing the security of applications. This article explains how these scanners work, where to use them and where they are inadequate.… more →

Security at Software Requirements Specification

by Roshen Chandran, CISSP

Applications designed with security in mind are safer than those where security is an afterthought. Traditionally security issues are first considered during the Design phase of the Software Development Life Cycle (SDLC) once the Software Requirements Specification (SRS) has been frozen. That’s one stage too late.… more →

Quiz: Securing non-HTML content

An online banking application lets the user export account statements as text files or Excel spreadsheets. How should the application generate, store and dispatch this non-HTML content to the user’s browser?

  1. Maintain these files in the web server’s file system, and redirect the user to the correct file when requested.
  2. Store the data in a database, and create the files temporarily in the local file system when a user requests them. Then redirect the user to the temporary file.
  3. Store the files in a database, read them with a server program and dispatch the files directly to the browser by setting the content-type directive.

more →

Review: Threat Modeling

by Frank Swiderski, Window Snyder

We take a look at “Threat Modeling” by Frank Swiderski, Window Snyder on the structured approach of analysing security threats.… more →
