Palisade Magazine

 
December 2004

Best Practices in Input Validation

Last week, I polled our consultants on the most common software security errors they saw in 2004. Consultants from across our offices pointed out how simple input validation errors continue to be the #1 problem they see daily. This is really not a new problem; it’s just been a difficult one. I asked them for their list of best practices for validating inputs: the top 10 recommendations they have been making to clients on input validation. Here’s the list they came up with… more →

Introduction to Code Obfuscation

by Shaheem Motlekar, GCIH, BS7799 LA

Obfuscation means “to make difficult to perceive or understand”. In the programming world, code obfuscation means making code harder to read or understand, generally for privacy or security purposes. Security through obscurity has long been viewed with disregard in the security community. However, there are applications where obscurity can provide a higher level of protection to the application's source code. Recent theories have shown the usefulness of this technique; a popular paper, Code Obfuscation techniques, by Collberg shows just that.… more →

Backdoors and Trojans in Applications

by Gaurav Shukla, BS7799 LA

A backdoor is a secret or unauthorized channel for accessing a computer system. In an attack scenario, hackers install backdoors on a machine once it is compromised, so that they can access it more easily at later times… more →

Quiz: Encrypting Sensitive Documents

I want to encrypt sensitive documents in my application. What is the best approach to take while designing a cryptographic solution?

  1. Develop a proprietary encryption algorithm that only I know about
  2. Learn how to implement a standard algorithm like AES or 3DES
  3. Use my platform’s Crypto API classes that implement well-known algorithms
  4. Learn how to manage keys used in the encryption

more →

Review: The Shellcoder's Handbook

by Jack Koziol, David Litchfield, et al.

We take a look at “The Shellcoder’s Handbook” by Jack Koziol, David Litchfield, et al., on finding and exploiting buffer overflow vulnerabilities… more →
