Palisade Magazine
 
Interview: What works in Training Security Testers

June 2005

Interview: What works in Training Security Testers

As software organizations figure out how to integrate security testing into the QA process, Palisade talked to Firosh Ummer to learn how he set up the internal training program for security testers at Paladion. With participants from the training program going on to test over 300 applications in the last 3 years, Firosh has been continuously refining the program to make it more effective.… more →

Cryptanalysis: Collision attack in Hashing

by Prashant Gawade

In general two types of attacks have been found prevalent in hashing -preimage attack and collision attack. In this article we look at some of the details of the collision attack including - which hashing algorithms are vulnerable and how difficult it is to perform these attacks. … more →

Encrypting data in Databases

by Priyali Vibhute, BS 7799 LA

Organizations take a lot of steps to protect their confidential data. Almost all security measures including encryption are considered only while transferring information on the wire not while storing it in the database. More often than not, it is stored as clear text in the database. In this article we see how database encrytion can enhance the security of our data. … more →

QuizQuiz: Preventing Phishing attacks

Which is the best method to protect my customers from phishing attacks?

  1. Have strong authentication mechanisms like Hardware Tokens, E-mail Signing etc.
  2. Include personalized web pages to make it hard to impersonate the site
  3. Creating awareness among customers about phishing

more →

Review: SQLSecurity.com

If you design applications that access MS SQL Server or are responsible for maintaining SQL Server, then SQLSecurity.com is the go-to site for you. Started in 1999 by Chip Andrews (the co-author of “SQL Server Security”), the site has grown in content answering your questions on securing SQL Server databases, and then some more. … more →

On the blog recently

Past quizzes

  • Jul '08 : A new proposal has been formed by W3C, to incorporate Web 2.0 developer's demands, by allowing cross site requests. Which among the following is the said proposal?
  • Mar '07 : Which of the given options best describes an Anti-Phishing Measure?
  • Sep '05 : When is the best time to assign session ids?
  • May '05 : How should I mask my web server's banners to get enhanced security?
  • Feb '06 : Which of these is not a good strategy for handling secrets in .Net?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award