Definition of Application Security
What is Application Security?
Application security is the act of securing a computer application or program.
Application Security
Using Chroot Securely
The chroot() function can be a powerful mechanism to secure your system, but only if used correctly. Anton provides a good foundation for implementing it in your programs and services running on your system.
A Primer on OpenVMS (VMS) Security
This is not a practical step-by-step guide to securing VMS; rather, it is an introductory primer on the security concepts and features that the operating system has. VMS system security is quite comprehensive and there exist numerous parameters and settings which would require a much more granular depth than the length of this paper would provide. The Compaq OpenVMS Guide to System Security manual listed in the List of References Section is the recommended reference for further examining VMS system security settings and how the reader may go about tailoring the security settings of their system in conjunction with their particular organizational needs or security policy. My aim therefore is to provide insight into such functionalities and to provide an overview.
Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach
This paper addresses the security challenges that exist due to programming flaws, and explains how simple programming practices can reduce the risks. The paper starts with a description of common application vulnerabilities and risks. The vulnerabilities that are discussed include buffer overflows, SQL injection, script injection, XML injection and others. The application development platforms, technologies and tools that are widely used in the industry and the vulnerabilities that exist in them are discussed next. The technology and tools discussed include Web Services, Wireless, Java, C/C++, Web and Database. Further, the secure programming practices that can be used to avoid the vulnerabilities are presented. Since more and more organizations are embracing the outsourcing business model, the importance of having good security practices in such an environment is briefly touched upon. In the end, case study examples have been provided to illustrate the use of secure coding principles.
Application Security Cheat Sheet
Deploying applications in a secure manner has become more critical today than ever before. Enterprises deploy several applications at very short notice. Business demands increased automation and more Internet-enabled applications. Security is often considered after the application has been developed and is about to go live or in some cases even after the systems have gone live. This article takes a look at some of the critical factors that need to be looked at for securing applications.
Configuring Internet Explorer Security Zones: A New Tool for the Security Community
This paper will review the work of others in discussing the risks inherent in each of the active content technologies, and the very different ways in which they approach security. Then it will gather into one place all of the information that the author could find regarding the meanings and implications of all but one of IE's security zone settings. After that, we shall discuss Microsoft's System Policy Editor tool for Windows NT and how it could have been used to quickly and easily enforce users' IE security zone settings throughout an enterprise, had Microsoft only provided a policy editor template for the IE security zones. Finally (and admittedly somewhat belatedly) a template to do just that, written by the paper's author, shall be presented to the security community.
Digging Deeper Into TCP/IP
This paper takes a close look at TCP/IP as a reference for the security professional. Its goal is to consolidate information from numerous sources into one place and to go deeper into the client/server relationship. It explores basic TCP/IP concepts such as encapsulation, IP and TCP definitions, client/server connections, and discusses less well-known concepts such as state. It concludes with an illustration of an entire TCP session (Figure 10), including absolute sequence and acknowledgement numbers, state identification, and client and server responses. TCP/IP is an immense subject and this paper is by no means exhaustive, but references are supplied to help the reader further explore this topic.
Distributed Object Technology: Security Perspective
The objective of this paper is to give a brief introduction to distributed object technology and an overview of security features available in Microsoft .NET and CORBA. The paper explains the architecture of .NET and covers some of its key security concepts like Security Policy, Code Access Security, Role Based Security, Verification and Stackwalk. It also explains CORBA and its security concepts like CORBA Security Services, Security Specifications, Security Policy, Domain Access Policy and Delegation. The paper concludes by explaining the way in which some key security concerns are addressed in .NET and CORBA.
Distributed Systems Security: Java, CORBA, and COM+
Security can have varying levels of difficulty for implementation. One factor in determining the difficulty is the number and distribution of the systems. With distributed systems architecture, there are different nodes and resources. One major issue with distributed systems is application security. There is the question of how security is handled in distributed applications, and how the client handles applications coming from an unknown source. The purpose of this paper is to examine three popular architectures for distributed systems applications and their security implications. The architectures analyzed are Java by Sun, CORBA by the OMG, and COM+ from Microsoft. Outstanding issues and future areas for research are considered.
Insecurity of Inputs to CGI Program
This paper lists some points that each web programmer has to consider while coding a web-based application that interacts with user inputs through CGI, as well as tools that can be used to test it.
Label Controlled File Transfer Server - Case Study
The following is the process that I used to configure my portion of the label controlled file transfer system. I will touch on Trusted Solaris (TSOL), the secure operating system, Washington University File Transfer Protocol Daemon (wuftpd), the file transfer program, and a chroot jail, the suggested direction of implementation. By the end of the project I had configured a file transfer system that displayed an acceptable amount of security for my project leader (What more can you ask?).