March 2005
Built-in Intrusion Detection
We’ve emphasized how to improve our applications’ defenses in the pages of Palisade. Most of these have focused on building stronger defenses to prevent breaches. Today we look at ways to improve the monitoring capabilities in our applications… more →
Selecting Application Security Vendors
by Jose Varghese, CISSP, BS7799 LA
Traditional security has always focused on perimeter defense. With most organizations having strengthened their perimeters with firewalls, VPNs and intrusion detection systems, attackers have shifted their focus to the application layer. Most of these attacks are far more damaging than network-layer attacks and primarily target weaknesses in the application, such as poor input validation and insecure session management. For effective security, it is important for the enterprise to ensure that all business applications are tested for security as rigorously as they are tested for functionality and performance before they are deployed in production… more →
Source Code Analyzers
by Manu Puthumana, BS7799 LA
As early as 2002, Gartner’s research had shown that over 70% of all successful attacks make use of application vulnerabilities. Yet the last thing we do in security is look at our own code for problems. Coding is tough enough, and secure coding from the word go can sometimes seem an almost impossible task. However, we do have some good news… more →
Quiz: Implementing 'Forgot Password' feature
Which is the best method for implementing the Forgot Password feature?
- Displaying the old password after asking a reminder question
- Displaying a new password after the reminder question
- Sending a temporary password by mail
- Sending a temporary link to a ‘Change Password’ page by mail
Review: Microsoft Security Developer Center
We take a look at a Microsoft website dedicated to Application Security for Windows developers — Microsoft Security Developer Center… more →
