Palisade Magazine

 
April 2011

Flawed Authentication System Implementation

by Jaideep Jha

There are various motivations and factors that drive the implementation of an authentication system in an organization… If authentication systems are implemented without thought for the resultant side effects, they may introduce security vulnerabilities. We will discuss two cases of such flawed implementations in this article.

Implementing a Secure Forgot Password Solution

by Harshvardhan Parmar, GCIH

In the last article, we observed some of the common flaws in the implementation of the Forgot Password feature. This time we will take a look at one of the most common implementations of the Forgot Password feature that we have seen in various banks, and at a drawback of this implementation that might very well be called a chink in otherwise impenetrable armor. We will also take a look at how we can implement a Forgot Password feature that addresses all possible threats.

Watchful File Upload

by Ashish Rao

File upload is a feature of a web application that throws open the doorways of the server's entire file system to end users. What more would an attacker want anyway! Applications that store uploaded files on the server without any validation put their servers at a huge risk of being compromised. Files like harmful executables can cause considerable damage to the servers. However, it also depends on the way the uploaded files are handled by the applications.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award