Palisade Magazine
 
Database Links Security

October 2008

Database Links Security

by Roshen Chandran, CISSP

Database links (DBLinks in Oracle) are a technique for one database to connect to a remote database and execute queries. The originating database uses an account in the remote destination database to connect. This connection thus uses a username and password of an account in the destination database. The connection has the privileges of the account that’s used in the destination database.… more →

Defeating Encryption in Some Thick Clients

by Madhumita Iyer

While testing thick client applications we sometimes encounter the client encrypting pieces of the request. At such times, many of our variable manipulation attacks are foiled. To overcome this barrier, there are several techniques. Here’s one of the methods we tried for a recent thick client application test.… more →

SAP Baseline Security Audit

by Rajesh Gopinath, GCIH

A SAP Baseline Security Audit tells enterprises how their SAP security posture stacks up against industry best practices. The Baseline Security Audit is the first step in a comprehensive security audit program and is ideal for generating a quick win early. This article outlines the areas covered under the SAP Baseline Security Audit we perform.… more →

QuizQuiz: Specifying life time for a webpage

We have often come across the message “Webpage has expired” when attempting to access a recently accessed page. This message comes as a result of the web server specifying an expiration time for the webpage when it is stored on the browser’s cache. How does a web server specify the life time for a page to the browser’s cache?

  1. Using the Expires header
  2. Using the Max-age directive along with Expires header
  3. Setting the Must-Revalidate header in the response
  4. All of the above

more →

On the blog recently

Past quizzes

  • Oct '05 : Which logging mechanism is best to trace back to the culprit in case of an application fraud, for example, when a fraudster may have illegally transferred money from somebody else’s account to his own account?
  • Sep '04 : How should I protect the session cookie in my web application from getting stolen?
  • Nov '05 : Our applet implements an algorithm that's proprietary and a trade secret. How do I protect the algorithm from getting stolen at the browser?
  • Dec '06 : Your Internet Banking site is fully SSL enabled. Login-page, Account summary page and Fund transfer page are all HTTPS enabled. When you bank online - login, check your account summary and do a fund transfer, is SSL authentication and handshake happening separately for each page or is it one handshake for all the three pages?
  • Apr '09 : Which of the following are the best practices for securing PHP applications?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award