December 2010
Design Basis for a Banking Fraud Risk Management (BFRM) Solution
by D.P. Dube
Despite the enormous worldwide focus on corporate governance, risk management and information security measures over the past couple of decades, we are still seeing major frauds in the industry. Some of the global statistics on fraud are really scary, viz:…
JavaScripts to Enhance Website Security
by Rajesh Gopinath, GCIH, CISSP
Nowadays, JavaScript is extensively used to enhance user experience. However, using JavaScript to enhance website security is not very popular. A few JavaScripts that can enhance website security without causing too much inconvenience to web users are as follows:…
Common Flaws in Forgot Password Implementation
by Harshvardhan Parmar, GCIH
As awareness of information security increases, application owners are taking measures to safeguard their applications. But even with a single vulnerability present, an attacker might be able to gain control of the application. A lot of attention is given to securing an application's authentication mechanism, as post-login data is deemed confidential and important. However, sometimes a seemingly harmless feature on a public page might render all the prevention and security mechanisms useless. The ‘Forgot Password’ feature is one such feature, which can be misused to compromise user accounts.…
