Definition of Application Security
What is Application Security?
Application security is the act of securing a computer application or program.
Application Security
Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD
This paper will present one method of securing an anonymous FTP server in a UNIX environment. The paper will begin with a brief overview of the FTP protocol as defined in IETF Standard 9, RFC-959, including vulnerabilities in its design. A discussion will then proceed about the advantages and disadvantages of anonymous FTP. Next, a synopsis of anonymous FTP security basics, followed by highlights of the security features of WU-FTPD, will be presented. The paper will then focus on the compilation, installation, and configuration of a secure anonymous WU-FTPD server running on a Solaris 8 platform.
Securing Vulnerable Software
Scott Wimer, CTO Cylant Software, discusses methods for improving the security of a computer system in spite of its vulnerabilities in order to break out of the current security cycle.
Security Issues in Running an Email Server
This paper discusses security topics with respect to administering an email system. It starts discussing system hardening (CIS security benchmarks, disabling services, TCP wrappers, Tripwire, logging, etc.) from the perspective of an email system sysadmin. Then it discusses anti-virus software and why quarantining, cleansing, notifying are the wrong approach. Instead, messages containing viruses should be rejected during the SMTP protocol. It details how the SMTP protocol works and how a sendmail mail filter ("milter") can be used to reject messages containing viruses. The milter is included as an appendix. The last section discusses quotas on mail accounts and why blocking rather than queuing/retrying is the best policy, both for the user, the system, and for security.
Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach
This paper addresses the security challenges that exist due to programming flaws, and explains how simple programming practices can reduce the risks. The paper starts with a description of common application vulnerabilities and risks. The vulnerabilities that are discussed include Buffer overflows, SQL Injection, Script Injection, XML injection and others. The application development platforms, technologies and tools that are widely used in the industry and the vulnerabilities that exist in them are discussed next. The technology and tools discussed include Web Services, Wireless, JAVA, C/C++, Web and Database. Further, the secure programming practices that can be used to avoid the vulnerabilities are presented. Since more and more organizations are embracing the outsourcing business model, the importance of having good security practices in such an environment is briefly touched upon. In the end, case study examples have been provided to illustrate the use of secure coding principles.
Making Your Network Safe for Databases
If you are charged with administering a network that contains a database server, there are a number of steps you can take to help protect the data from being compromised. Properly configured, you can help prevent your organization's information assets from falling into the wrong hands.
Options For Securely Deploying Outlook Web Access
In this paper, I will provide an overview of Outlook Web Access and how it functions to deliver Exchange server mail via HTTP. Next, I will take an in-depth look at four primary areas of concern in securing OWA: 1) the foundation technology, 2) encryption and authentication, 3) network architecture, and 4) logoff. Finally, I will review various products that offer a more secure way to deploy OWA than the off-the-shelf solution. It is my goal to heighten the reader's awareness of the potential security risks associated with Outlook Web Access and to provide sufficient technical information regarding options for securely deploying OWA such that administrators can make informed decisions to narrow the direction they wish to take their own deployment efforts. This paper is not an endorsement for any one product or solution.
On the Importance of Secure Coding
Secure coding (secure programming) is a field that is gaining a lot of attention. Flaws are constantly discovered in a wide range of known server applications. These flaws are not flaws emerging from an insecure high-level design of the applications but are flaws that were introduced at the source code level and that are a result of careless programming. Such flaws can be exploits of buffer overflows or the result of lacking input validation routines. In this document I will provide a brief definition of secure coding and of secure programs and will try to assess the reasons for the need to focus efforts on this aspect of information security.
OpenVMS 7.2 Security Essentials
The purpose of this effort is to construct a Security Essentials paper on OpenVMS 7.2 to satisfy Option 1 of the GSEC V1.4b Practical Assignment by doing the following: 1) Distill the concepts and counsel provided by the OpenVMS manual "Guide to System Security" down to a basic set of implementable practices to be followed when installing and configuring the first OpenVMS system on a network; 2) Assess strengths and weaknesses of the following aspects of an OpenVMS system: physical environment and security, a basic OS installation, objects commonly used from the Authorization Database files and facilities, default state and basic configuration of key system files and directories, (Digital's ...Compaq's...HP's...whatever!) implementation of TCP/IP for OpenVMS, and additional TCP/IP-based access services, like SSH; 3) Evaluate OpenVMS as a practical and "secure-able" server OS; and 4) Provide references to additional resources to take OpenVMS beyond the essentials.
Secure Programming for Linux and Unix HOWTO
This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95.
Security for a CRM environment
Customer Relationship Management software has been a buzzword in the Information Technology industry for quite a few years now. Many companies are looking at how CRM can help make them more successful by providing an extensive customer information database which Sales, Marketing, Service, and other departments can use in a variety of ways to better serve the customer. In today's competitive marketplace, good customer service is extremely important. There are many software vendors selling CRM software packages that offer a one-stop solution for gaining marketplace share and for managing and retaining customer loyalty to their product. It is noteworthy for companies to keep in mind that CRM deals with handling a company's most important resource: Customer Data.