Definition of Application Security
What is Application Security?
Application security is the act of securing a computer application or program.
Application Security
A Security Assessment of the Ricoh Aficio 450E Multifunction Device
There is an increasing use in the business community of multifunction devices that provide network printing, scanning and faxing. These devices are frequently being deployed within business with little thought of the security implications of devices that bridge the network and phone line, potentially offering a backdoor to both the network and confidential information via "cross channel" communications. This paper examines the security of the Ricoh Aficio 450E Multifunction device (hereafter known as Ricoh 450E).
Options For Securely Deploying Outlook Web Access
In this paper, I will provide an overview of Outlook Web Access and how it functions to deliver Exchange server mail via HTTP. Next, I will take an in-depth look at four primary areas of concern in securing OWA; 1) the foundation technology, 2) encryption and authentication, 3) network architecture and, 4) logoff. Finally, I will review various products that offer a more secure way to deploy OWA than the off-the-shelf solution. It is my goal to heighten the reader's awareness of the potential security risks associated with Outlook Web Access and to provide sufficient technical information regarding options for securely deploying OWA such that administrators can make informed decisions to narrow the direction they wish to take their own deployment efforts. This paper is not an endorsement for any one product or solution.
Security Features Overview of Merlin (J2SE Version 1.4)
All the safeguards that we, as security professionals, employ are rendered useless if the foundation upon which they are laid is not sound. That is why Java™ has become the language of choice for the security minded application developer. From its inception, security was one of the primary tenets of the Java™ distributed computing platform.
Testing for Security in the Age of Ajax Programming
Ajax programming, which allows a web page to refresh a small portion of its data from a web server, is an exciting technology that has recently been introduced. However, this type of programming can also leave applications open to SQL injection and similar attacks. It is important for the developer to test the application thoroughly for vulnerabilities before passing it on to the QA department. And the QA engineer needs to learn to "think like a hacker." Learn more about Ajax programming and what it means in terms of security.
Using Terminal Services to Remotely Administer Windows 2000 Servers Securely
This paper will focus primarily on the security issues of using Terminal Services to remotely administer Windows 2000 Servers. A general discussion of Terminal Services clients, licensing, the Remote Desktop Protocol (RDP) and Terminal Services encryption methods will provide the reader with a fundamental understanding of Terminal Services. A brief discussion of various security and Denial of Service vulnerabilities will demonstrate the need for Terminal Services security. The paper will conclude with the general steps necessary to plan, implement, test and monitor a secure Terminal Services configuration to remotely administer Windows 2000 Servers.
Framework for Secure Application Design and Development
The practice of secure application design and development is an important and necessary attribute of a secure computing environment. Applications that protect data from unauthorized access or modification and ensure its availability are key advantages to companies with physical and information assets that require such an environment. But, as crucial as this practice is, applications often are not being designed and developed with security in mind. As such, these applications are contributing to the burgeoning miasma of potentially insecure interconnected systems providing an open door to the possible compromise of companies' sensitive and valuable information or systems.
How To Implement Security in the MAX TNT RAS Server
This document intends to show the necessary configurations and care to provide a more secure DIAL or ISDN (Integrated Service Digital Network) access network based on Lucent MAX TNT equipment, pointing out the best practices and special configurations in the RAS Servers (Remote Access Service) and in the RADIUS (Remote Authentication Dial-In User Service) and management servers. Generally, the main components of a network based on MAX TNT RAS servers are: the RAS Servers, Authentication, Authorization, Accounting and Management servers, as shown below. This kind of access network can provide different services like DIAL-UP access, ISDN access, tunneling access with L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol) and others.
Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD
This paper will present one method of securing an anonymous FTP server in a UNIX environment. The paper will begin with a brief overview of the FTP protocol as defined in IETF Standard 9, RFC-959, including vulnerabilities in its design. A discussion will then proceed about the advantages and disadvantages of anonymous FTP. Next, a synopsis of anonymous FTP security basics, followed by highlights of the security features of WU-FTPD, will be presented. The paper will then focus on the compilation, installation, and configuration of a secure anonymous WU-FTPD server running on a Solaris 8 platform.
Securing Information within SAP v4.6b
The following thoughts and best practices are the end result of an upgrade, experience with the necessary cleanup after the cutover and review of best practices offered by third parties. In our upgrade, we implemented some additional levels of security from both a technical and process perspective. During the months that followed, we learned what mistakes and omissions we made as well as some things that we had implemented very well. We are currently working to tighten security on an ongoing basis and have limited the enterprise's exposure to a manageable, acceptable level. This practical is not intended to focus on the technical aspects of creating security access for users but rather on the implications of designing a loose, difficult-to-manage security environment. Accordingly, the technical discussion will be limited and at a fairly high level. Although the specifics in this discussion are directed to SAP, the premise can be applied to any software system.
Securing Vulnerable Software
Scott Wimer, CTO of Cylant Software, discusses methods for improving the security of a computer system in spite of its vulnerabilities in order to break out of the current security cycle.