Palisade Magazine
 
Single Sign-On Implementation Flaws

September 2011

Single Sign-On Implementation Flaws

by Prashant Verma

In today’s world of complex distributed systems, we see a lot of applications being used by organizations. Due to the increasing number of applications, management of user information has become a nightmare. Hence, a terminology called Single Sign-On (SSO) was introduced. As the term suggests, it is a single sign-on for all the applications in an organization. A sign in to one is considered the same as a sign in to all. Logging in to one would mean a login to all.… more →

Demystifying the Android Malware

by Dinesh Shetty

McAfee’s first quarter threat report stated that with 6 million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. McAfee stated that Android devices are becoming malware havens with Android being the second-most popular environment for mobile malware after Symbian in the first quarter. In this article, we are going to take you through the various phases so as to understand how and what these malwares are exactly made up of. First of all, we will start with discussing the background of Android and then move on to the basics of how an Android package architecture is developed. We shall then analyze an android malware in complete detail.… more →

Mobile Application Testing

by Prashant Verma

Technology is evolving faster by the day. Today, we see mobiles are no longer mobiles, they are small computers. The smartphones run powerful applications, providing everything to users at their fingertips. Users can use their mobiles for:… more →

On the blog recently

Past quizzes

  • Mar '05 : Which is the best method for implementing the Forgot Password feature?
  • Aug '06 : An attacker enters a long nasty looking string into the date field. The input overwrites parts of the running program and executes commands on the server. What type of attack just took place?
  • Dec '06 : Your Internet Banking site is fully SSL enabled. Login-page, Account summary page and Fund transfer page are all HTTPS enabled. When you bank online - login, check your account summary and do a fund transfer, is SSL authentication and handshake happening separately for each page or is it one handshake for all the three pages?
  • Apr '05 : How can I prevent Cross Site Scripting attacks on my application?
  • Oct '08 : How does a web server specify the life time for a page to the browser's cache?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award