Palisade Magazine

September 2004

Preventing Buffer Overflows

by Rajesh Jose, CISSP

Buffer overflow vulnerabilities are the result of poor input validation: they can let an attacker have his input executed as code on the victim system. Even when care has been taken to validate all inputs, bugs might slip through and make the application insecure. This article presents the various options available to protect against buffer overflows.

Securing Database Connection Strings

by Sonali Gupta, GCIH

In today’s systems, we check applications for vulnerabilities, write safer code and encrypt data communication; but we often overlook the database connection string. A connection string specifies the parameters an application uses to connect to a database: it holds a lot of critical information, including the username and password for accessing the database. Applications traditionally pass and store connection strings in plain text, so an adversary who has access to the machine could read them. So what is the solution to this problem?

Training your Developers

by Shaheem Motlekar, GCIH, BS7799 LA

The most effective way to secure applications is to write them securely, and the best way to achieve this is to train your development team to write safer applications. This article presents the key components of a security program for your development team.

Quiz: Protecting Session Cookies

How should I protect the session cookie in my web application from getting stolen?

  1. Use strongly random strings for the session token.
  2. Set the “secure” attribute for the session cookie.
  3. Set the “httponly” attribute for the cookie.
  4. All of the above.

Review: Writing Secure Code, 2nd Ed.

by Michael Howard, David LeBlanc

We take a look at the “Writing Secure Code, 2nd Ed.” book by Michael Howard & David LeBlanc, which covers safe programming practices and guidelines, security principles, and threat modeling.


News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion have been awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program.
  • 20.04.09. Info Security Products Guide names the Plynt Certification Program winner of the 2009 Tomorrow’s Technology Today Award.