Palisade Magazine

 

July 2005

XPath injection in XML databases

by Runa Dwibedi, BS7799 LA

Applications that use XML databases are vulnerable to injection attacks. Read on to find out how XPath queries are manipulated to access sensitive information…

Google Hacking - Is your web application secure?

by Balaji V

Google hacking is a term that refers to applying advanced search techniques to access unauthorized information through any search engine. In this article we look at some of the vulnerabilities that are exploited by these techniques and how to safeguard applications from being compromised…

Security Enhancements in Visual C++

by Priyali Vibhute, BS 7799 LA

Microsoft added several security enhancements in Visual C++ recently: secure versions of vulnerable functions, new functions optimized for security, and security switches for the compiler. This article introduces these features and helps developers use them immediately…

Quiz: Transmitting Session IDs

What is the best method for transmitting session IDs?

  1. Sending the session ID in plain text in the URL.
  2. Sending hashed session ID in the URL.
  3. Sending the session ID as a hidden value in the form.
  4. Embed the session ID in the Cookie.


Review: HTTP Developer's Handbook

Chris Shiflett’s “HTTP Developer’s Handbook” is an excellent place for security testers to learn the innards of the HTTP protocol…


News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award