Definition of Application Security
What is Application Security?
Application security is the act of securing a computer application or program.
Application Security
Search Engines Used to Attack Databases
More recently, hackers have started to use search engines to find web facing database interfaces that can be used to mount attacks on databases placed behind a firewall. This is a significant new development, completely exposing previously "protected" databases to outside attack. As we will demonstrate in this white paper, an attacker can data mine any of the commonly used search engines to find target databases to attack.
Secure programmer: Countering buffer overflows
This article discusses the top vulnerability in Linux/UNIX systems: buffer overflows. This article first explains what buffer overflows are and why they're both so common and so dangerous. It then discusses the new Linux and UNIX methods for broadly countering them -- and why these methods are not enough. It then shows various ways to counter buffer overflows in C/C++ programs, both statically-sized approaches (such as the standard C library and OpenBSD/strlcpy solution) and dynamically-sized solutions, as well as some tools to help you. Finally, the article closes with some predictions on the future of buffer overflow vulnerabilities.
Secure Programming for Linux and Unix HOWTO
This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95.
Security Issues in Running an Email Server
This paper discusses security topics with respect to administering an email system. It starts by discussing system hardening (CIS security benchmarks, disabling services, TCP wrappers, Tripwire, logging, etc.) from the perspective of an email system sysadmin. Then it discusses anti-virus software and why quarantining, cleansing, and notifying are the wrong approach: instead, messages containing viruses should be rejected during the SMTP dialogue. It details how the SMTP protocol works and how a sendmail mail filter ("milter") can be used to reject messages containing viruses; the milter is included as an appendix. The last section discusses quotas on mail accounts and why blocking rather than queuing/retrying is the best policy, for the user, the system, and security alike.
SQL Server 2000: Permissions on System Tables Granted to Logins Due to the Public Role
In this paper I will cover the access rights to system tables the public role has in these two system databases as well as in a typical user database. I'll also cover how the guest user adds to the conundrum, especially with respect to the system databases and cross-database ownership chaining. Finally, I'll look at what permissions can be revoked from the public role in each database and what the consequences are, ranging from a practical perspective (typical applications) to an extreme example (Microsoft's OpenHack 4 configuration).
SQL Server Email vulnerability issues and prevention strategies
This paper will explore some of the ways this feature could be used by both legitimate users and intruders. Installation and configuration of the utility will be briefly described in enough detail to support the ensuing discussion of the vulnerability. Finally, a number of strategies will be suggested that could be used to minimize the vulnerabilities exposed by use of this feature.
The Intrinsic Hole In Information Security
This discussion addresses the lack of type safety as a fundamental weakness of the C programming language, and how that lack of type safety, coupled with the widespread use of C, amounts to a massive hole in information security. The discussion begins with a historical perspective on the C programming language and why it is an integral part of so many computer systems. From there it covers type safety and how it relates to information security. Finally, it wraps up with the safer alternative to C programming, C++, and some common methods used to make C programming more secure.
The Security Challenges of Offshore Development
Software development is now a global process. Hundreds of U.S. corporations are turning to offshore software outsourcers to maintain their core systems as well as develop new applications. India alone exported over $5 billion of software in 2000, and over 65 percent of this went to the United States. Software outsourcing companies have set up offshore development centers (ODCs) in many other Asian countries such as Pakistan, Malaysia, China, and the Philippines. Other popular destinations include Israel, Ireland, Mexico, Russia and Chile. These countries offer low costs, valuable trained personnel, and English language capabilities. Their facilities employ thousands of programmers who develop software applications for U.S. companies.
Understanding Lotus Notes Security & Execution Control List (ECL) Settings
Lotus Notes has enjoyed being in the shadow of Microsoft® products like Outlook and Internet Explorer when it comes to widespread, corporate-targeted, malicious code attacks. Being in the shadow has created a false sense of security for Lotus Notes system administrators that will eventually be exploited. Microsoft provides a basic execution control mechanism for preventing macros in the Office suite and digitally signed active content within Internet Explorer, but not at the granularity of control that Lotus Notes ECLs provide. Now is the time to make sure that your Lotus Notes ECLs are properly set on your company's workstations. This article will prepare you, your system administrators and your clients for the next generation of hackers who will design "Email Neutral" viruses that can run freely on both Lotus Notes and Microsoft Outlook workstations.