Web Application Security (Also see Web Access Control)
Article
(34)
-
Security essentials once you run Web applications
Michael Cobb reviews the security devices needed to protect a newly built Web application.
-
How to secure Google Wave
Online collaboration applications and tools like Google Wave create their own special security challenges, which we defuse in this story.
-
Google promises better Wave security
Google admits security for its Wave collaboration tool is currently minimal, but promises to bolster its defenses to ready it for enterprise users.
-
Google willing to customise security for cloud apps
Would-be users of Google's hosted applications deterred by security concerns can negotiate with the company to arrange bespoke security settings.
-
VIDEO: Are web application firewalls strong enough?
Web application firewalls may not be strong enough to repel new threats, says Hugh Thompson, founder and chief security strategist at People Security.
-
Security agency MI5's website hacked
UK security agency MI5's website has fallen victim to a basic XSS attack.
-
Q&A: How to stop cross-site request forgery attacks
Learn how to identify and stop cross-site request forgery attacks.
-
Secure that shopping cart!
Learn how to secure online shopping carts with threat modeling.
-
Bit.ly borked, Twitter threatened
Researchers have found several cross-site scripting flaws in URL shrinker Bit.ly that could offer a way to abuse Twitter accounts.
-
Researchers declare "Month of Twitter Bugs"
Security researcher Aviv Raff has started a new project to find bugs in Twitter.
-
Single sign-on for Web access control
Learn how to adopt single sign-on with multifactor authentication to secure web applications in this tutorial.
-
How to select a Web Application Firewall
Learn how to buy the Web Application Firewall your business needs and configure it to achieve PCI DSS compliance.
-
Don't trust the browser: Ajax security expert
Billy Hoffman, the manager of HP's Web Security research group, says that browsers are not to be trusted, in this Q&A and book extract.
-
IBM thumb drive could defeat malware
A new technology that operates without touching drivers is being touted by IBM as having the potential to defeat keyloggers and other malware.
-
Web 2.0 presents no new security challenges, is just marketing hype: Secure Computing
Secure Computing says Web 2.0 security is marketing hype, that flaws come from overworked programmers, and that Australian cyber-security beats that of the US and Europe.
-
Aaargh! Zombies!
Patrick Gray interviews Arbor's Nick Race to learn about the company's approach to targeting botnets.
-
REVIEW: F-Secure Client Security 7.0
Brent Hutson examines F-Secure's new business-targeted endpoint security software.
-
HP acquires SPI Dynamics
HP has planted a flag in the web application security space by acquiring SPI Dynamics.
-
Web application security strategies
Web applications have very different security requirements to conventional code. In this checklist, Kevin Beaver explains how to make sure your web apps are super-secure!
-
Web Application Security - The end!
In the final part of our web application security piece, we examine how lazy coding makes web applications vulnerable.
-
Web Application Security Part Four - Why worry?
What's at stake if your web application is insecure? Patrick Gray explains the perils and pitfalls.
-
Web Application Security Part Three - This is illogical!
Part three of our series on web application security considers the way application design impacts security.
-
I don't want a Web application security product; I want a solution
The RSA conference shed plenty of light on Web Application Security, but Anurag Agarwal feels the industry's approach may not be what users need.
-
Web application security - the rise of the worm!
In part two of our series on web application security Patrick Gray explores worms and other threats.
-
JavaScript mashups raise application security issues; require caution
Mashups, which combine Web pages within a single view, may be cool, but they're inherently insecure and have access to confidential information.
-
Software security testing: Finding your inner evildoer
Software testers need to leverage their evil alter-ego to more thoroughly security test Web applications.
-
Hacker techniques use Google to unearth sensitive data
Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns.
-
What causes buffer overflows and memory leaks in a Web application?
Buffer overflows and memory leaks can cause serious harm to Web applications. In this SearchSecurity.com Q&A, application security expert Michael Cobb reveals how both can lead to security breaches and system compromises.
-
The dangers of application logic attacks
As a preview to next week's series on web application security, we offer a tip from Web application security expert Michael Cobb on how application logic attacks occur and how you can fight back.
-
Improve Web application security with threat modeling
In this tip, Web security expert Michael Cobb takes a detailed look at threat modeling and reviews how using this process during the SDL not only enhances Web application security, but also adds business value.
-
Ajax threats worry researchers
Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers.
-
Report: Web applications caught in a storm of attacks
A new survey shows not only how attackers are pummeling Web applications using bots, Google and other tools, but also why targeted attacks are getting tougher to trace.
-
WebEx addresses ActiveX flaw
The Web conferencing leader has patched an ActiveX flaw that could have enabled an attacker to gain access to sensitive data.
-
Microsoft releases 13 security patches, eight critical
The baker's dozen of new patches includes 12 new ones that address flaws in Internet Explorer and Word, plus a re-release of a patch first issued in March.
News
(5)
Tips
(9)
-
Web application hacking: Inside the mind of an attacker
Want to prevent your Web app from being hacked? Then you need to think like an attacker. Change your mindset and think about how your app can be misused.
-
Cracking passwords the Web application way
Don't think your Web application is secure just because it uses SSL. If you don't have proper login controls, attackers can crack passwords and get in.
-
Ensuring Web application security during a company merger
Integrating applications in the aftermath of a merger is a complicated affair. Michael Cobb explains how to avoid turf battles and conduct an unbiased examination of security arrangements.
-
Do any freeware tools scan for Ajax vulnerabilities?
Securing Ajax applications is a new challenge for anyone developing Web services. In our expert Q&A, Michael Cobb reviews tools that can assess the vulnerabilities of Ajax Web applications.
-
Software security flaws begin and end with Web application security
By now, developers are well aware that Web applications are vulnerable to an attack, though recent data indicates that the threat may be growing. In this tip, Michael Cobb offers insight as to why Web application vulnerabilities linger and provides defense tips for Web developers and their organisations alike.
-
Ajax security: How to prevent exploits in five steps
While Ajax can make your Web pages feel faster and more responsive, this Internet-based service, like many Web development tools, has its security concerns. In this tip, SearchSecurity.com expert Michael Cobb examines how Ajax works, how hackers can exploit it, and what Web developers can do to prevent Ajax exploitation.
-
Best practices for pen testing Web applications
Performing a Web application penetration test can gauge how well your Web application can withstand an attack. In this tip, platform security expert Michael Cobb provides best practices for performing a Web application pen test.
-
Secure data transmission methods
The main purpose of this tip is to explore secure data transmission options that are available to help meet regulatory and legal requirements.
-
Application firewall tips and tricks
While network firewalls are effective at blocking unwanted communications, they do not provide a complete examination of traffic entering your network. Therefore, adding application-layer firewalls is essential to protecting your network from the inside out. This tip reviews types of application firewalls, how to properly configure them and create rule sets, and explains how to use whitelists, blacklists and traffic audits to secure your data and systems from attackers.
© 2010 TechTarget ANZ. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this website constitutes acceptance of the TechTarget ANZ Terms and Conditions and Privacy Policy.