November 2004
Catch'em Young - How to discover vulnerabilities early
by Roshen Chandran, CISSP
Bugs are introduced at every stage of the development lifecycle. Some are caught quickly within the same stage, but many are caught only much later. Here are the systems we find most effective for addressing security bugs…
Integrating Smart Cards in Web Applications
by Abhishek Kumar, BS7799 LA
Smart cards can enhance the security of many web applications — they provide a secure and mobile platform for authentication and non-repudiation. In this article we look at the problems they solve (and do not solve), and the factors to be considered in their selection…
Of Captchas, Gimpys and BaffleText …
by Andres Desa, BS7799 LA
Automated computer programs, or bots, can repeatedly hit your web site and execute thousands of requests a minute. These bots can mount brute-force attacks to break passwords, automate registrations, fake large volumes of support queries, etc. If you haven’t put protection against them in place yet, you might want to evaluate the options. In this article, we look at the state of the art in foiling bots…
Quiz: SQL Injection Attacks
How can I protect my application from SQL Injection attacks?
- Check all user inputs for special characters like the single quote (')
- Use Database stored procedures
- Use parameterized queries instead of dynamic SQL statements
- All of the above
Review: How to Break Software Security
by James A. Whittaker, Herbert H. Thompson
We take a look at the “How to Break Software Security” book by James A. Whittaker & Herbert H. Thompson on software security testing and attack techniques…
