October 2004
Controls for Outsourcing Software Development
by Giridhar T M, CISA
When you outsource software development, how do you ensure that security has been adequately addressed by the vendor? In this article we look at the controls that you need to put in place over the vendor at each stage of the development lifecycle… more →
Application Logs - Security Best Practices
by Dipesh Rawal, CISA
Security logs capture the security-related events within an application. They help detect security violations and flaws in the application, and help reconstruct user activities for forensic analysis. Shortlisting the events to log and the level of detail to record are the key challenges in designing the logging system. This article simplifies the selection by presenting the options that many critical applications have chosen… more →
Same User, Different Privileges
by Sangita Pakala, GCIH
Frequently, applications have to assign a different privilege level to a user depending on whether he accesses them from the Internet or from the internal network. An employee might thus get only read privileges to some pages over the Internet, but update privileges internally. How can the application enforce this securely? Here we discuss the various options… more →
Quiz: Cached Pages
How can an application ensure that its pages are not cached or left on the client after a user has logged out?
- Set Pragma: no-cache
- Set page Expires = -1
- Set Cache-Control: no-cache, no-store
- Set Cache-Control: must-revalidate
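As an added worked example (not part of the quiz or the newsletter), the Python below does two things: it builds the header set a server should attach to every authenticated page so that neither the browser cache nor an intermediate proxy keeps a copy after logout, and it checks a response's headers and explains why each of the quiz options on its own falls short. Header names, the `is_cache_safe` function and the sample header dictionaries are assumptions made for this example; the only fact it relies on is the HTTP/1.1 semantics of the `Cache-Control` directives (`no-store` forbids storing the response; `no-cache` and `must-revalidate` only govern when a stored copy may be reused).

```python
"""Emit and verify anti-caching headers for authenticated pages (added example)."""
from typing import Dict, Tuple

# Headers to send with every page that must not survive on the client.
# "no-store" is the directive that actually forbids storage; the rest are
# belt-and-braces for HTTP/1.0 caches and proxies (assumed header set).
NO_CACHE_HEADERS: Dict[str, str] = {
    "Cache-Control": "no-cache, no-store, must-revalidate, private",
    "Pragma": "no-cache",   # understood by HTTP/1.0 caches only
    "Expires": "0",         # invalid/expired date: HTTP/1.0 caches treat as stale
}


def cache_control_directives(value: str) -> Dict[str, str]:
    """Parse a Cache-Control header value into {directive: argument}.

    Directive names are case-insensitive, so they are lower-cased; quoted
    arguments have their quotes stripped. 'no-cache, max-age=0' gives
    {'no-cache': '', 'max-age': '0'}.
    """
    directives: Dict[str, str] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def is_cache_safe(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only if a compliant cache is forbidden
    from storing the response at all, which is what 'not left on the client'
    requires. Header names are matched case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = cache_control_directives(lowered.get("cache-control", ""))

    if "no-store" in cc:
        return True, "Cache-Control: no-store forbids storing the response"
    if "no-cache" in cc:
        return False, ("Cache-Control: no-cache only forces revalidation before "
                       "reuse; the copy is still written to the cache")
    if "must-revalidate" in cc:
        return False, ("must-revalidate only applies once the stored copy is "
                       "stale; the page is still stored")
    if "no-cache" in lowered.get("pragma", "").lower():
        return False, ("Pragma: no-cache has no defined meaning in responses for "
                       "HTTP/1.1 caches; only legacy caches honour it")
    if lowered.get("expires") in ("0", "-1"):
        return False, ("Expires in the past marks the copy stale but does not "
                       "stop it being stored")
    return False, "no cache-prevention directives present"


def with_no_cache(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of `headers` with the anti-caching headers applied,
    overriding any weaker Cache-Control the application may have set."""
    merged = {k: v for k, v in headers.items()
              if k.lower() not in ("cache-control", "pragma", "expires")}
    merged.update(NO_CACHE_HEADERS)
    return merged


if __name__ == "__main__":
    # Constructed sample responses, one per quiz option.
    for sample in ({"Pragma": "no-cache"},
                   {"Expires": "-1"},
                   {"Cache-Control": "no-cache, no-store"},
                   {"Cache-Control": "must-revalidate"}):
        print(sample, "->", is_cache_safe(sample))
    print(with_no_cache({"Content-Type": "text/html", "Cache-Control": "max-age=600"}))
```

The checker deliberately stops at the first decisive directive: once `no-store` is present the remaining headers are redundant, and without it none of the other three options prevents the page from being written to disk. Sending the full `NO_CACHE_HEADERS` set is still the practical choice, because older proxies and HTTP/1.0 clients do not understand `Cache-Control`.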
Review: Know Your Enemy, 2nd Ed.
by Honeynet Project
We take a look at the “Know Your Enemy” book by the Honeynet Project on the motives and techniques of black hats… more →
