Programming: The Heart of Web Security
The security of information systems and data transmission is of ever-growing importance. The expansion of the Web has given businesses an ideal platform for launching and promoting their products and services, but the range of possibilities open to attackers has expanded with it, to the point that certain business fundamentals, in particular confidentiality and integrity, are being challenged. This article reviews why such security problems have arisen, the stakes involved, and some examples of possible security flaws.
The Risk of Application Attacks Securing Web Applications
According to statistics from CERT (an independent body specializing in information security), the number of successful attacks that are actually reported continues to grow: up 60% in 2002, and expected to grow by around 80% in 2003. A plain reading of these numbers shows that the protection mechanisms deployed by companies are not discouraging attackers. Far from it.
Designing and Implementing Secure Web Services
This paper presents the key issues associated with designing and deploying highly secure applications for corporate customers over standard web protocols and proposes a number of practical solutions for dealing with these issues.
Document Security in Web Applications
Organizations publish information online, including confidential data. The data is rendered in varied formats, from simple HTML pages to documents in Adobe's PDF or Microsoft's Word/Excel formats. Confidential data is restricted to a set of users who must log in and be authenticated on the website. A common example is an online banking system in which a customer's personal statements are made available as PDF files. These files contain sensitive information and must not be made available to any other user. Mechanisms to protect data rendered as HTML are well established; the same does not hold for the protection of downloadable documents.
Security Best Practice: Host Naming & URL Conventions
This paper discusses a few simple best practices that organizations can use to easily strengthen the security of their environments against many attacks and make it much more difficult for an attacker to confuse customers or clients.
Anti Brute Force Resource Metering
Resource metering through client-side, computationally intensive "electronic payments" can provide an alternative strategy for defending against brute-force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.
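The "electronic payment" in this scheme is a client puzzle: before the server will evaluate a password guess, the client must find a nonce that makes a hash of the challenge and the guess start with a number of zero bits. A legitimate user pays that cost once per login; an attacker pays it for every guess. The block below is an added example of that mechanism, not the whitepaper's code. The login server, the difficulty of 20 bits, the challenge format and the hash layout are assumptions made for the illustration.

```python
"""Client-puzzle resource metering in front of a password check.

Added example; the server class, the puzzle layout and the difficulty
setting are illustrative assumptions, not the whitepaper's design.
"""
import hashlib
import hmac
import secrets

# Assumed default: 20 leading zero bits is about a million SHA-256 calls per
# attempt, well under a second for a real user, prohibitive at a million guesses.
DEFAULT_DIFFICULTY = 20


def puzzle_hash(challenge: bytes, username: str, guess: str, nonce: int) -> bytes:
    """Binds the work to this challenge AND this password guess, so a solved
    puzzle cannot be reused for a different guess."""
    h = hashlib.sha256()
    h.update(challenge)
    h.update(username.encode())
    h.update(b"\x00")
    h.update(guess.encode())
    h.update(b"\x00")
    h.update(nonce.to_bytes(8, "big"))
    return h.digest()


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve_puzzle(challenge: bytes, username: str, guess: str, difficulty: int) -> int:
    """Client side: brute-force nonces until the digest has enough zero bits.
    This loop is the 'payment'; the server does one hash to verify it."""
    nonce = 0
    while leading_zero_bits(puzzle_hash(challenge, username, guess, nonce)) < difficulty:
        nonce += 1
    return nonce


class LoginServer:
    def __init__(self, difficulty: int = DEFAULT_DIFFICULTY):
        self.difficulty = difficulty
        self.users = {}        # username -> (salt, PBKDF2 hash)
        self.outstanding = {}  # username -> unused challenge

    @staticmethod
    def _kdf(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._kdf(salt, password))

    def issue_challenge(self, username: str) -> bytes:
        """Fresh random challenge; old puzzles cannot be precomputed or replayed."""
        challenge = secrets.token_bytes(16)
        self.outstanding[username] = challenge
        return challenge

    def login(self, username: str, guess: str, challenge: bytes, nonce: int) -> str:
        # 1. The challenge must be the one we issued, and it is consumed now:
        #    one solved puzzle buys exactly one password check.
        expected = self.outstanding.get(username)
        if expected is None or not hmac.compare_digest(expected, challenge):
            return "no-challenge"
        del self.outstanding[username]
        # 2. Cheap check first: one hash to confirm the client did the work.
        if leading_zero_bits(puzzle_hash(challenge, username, guess, nonce)) < self.difficulty:
            return "bad-puzzle"
        # 3. Only now spend server CPU on the password KDF. Unknown users get
        #    the same answer as wrong passwords so nothing is enumerable here.
        record = self.users.get(username)
        if record is None:
            return "bad-password"
        salt, stored = record
        if hmac.compare_digest(stored, self._kdf(salt, guess)):
            return "ok"
        return "bad-password"


if __name__ == "__main__":
    server = LoginServer(difficulty=16)
    server.register("alice", "correct horse battery")
    c = server.issue_challenge("alice")
    n = solve_puzzle(c, "alice", "correct horse battery", 16)
    print("nonce", n, "->", server.login("alice", "correct horse battery", c, n))
```

Two details carry the security argument. Hashing the guess into the puzzle means an attacker cannot solve once and then cycle through a dictionary; and consuming the challenge on first use means a captured solution cannot be replayed. The difficulty is the tuning knob: it is chosen so that a real user's browser finishes in well under a second while an automated guessing run is slowed by the same factor on every attempt.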
Governmental Effects upon the Cyber Security Decision Making Cycle
The purpose of this paper is to consider the direct influence and impact of government agencies on the cybersecurity decision cycle, especially regarding computer system and network critical infrastructure. I purposely define and discuss the fundamental points of cybersecurity, Critical Infrastructure Protection (CIP) and decision-making cycles, and use them to build a framework for discussing strategic, operational and tactical approaches to cybersecurity.
Secure Session Management: Preventing Security Voids in Web Applications
This paper starts from the basics and defines what session management is and how it works. Next, attacks on session management are described, followed by methods to defeat them. Finally, examples of session management flaws in popular web applications are presented to illustrate how session management can fail.
A Guide to Discovering Web Application Insecurities, Before Attackers Do
This paper focuses on discovery techniques that companies can employ to uncover insecurities in web-based applications and the supporting system infrastructure. It describes tools for determining whether vulnerabilities are present and techniques application owners can deploy to mitigate potential attacks. While many of the tools showcased can assess multiple hosts, the techniques are demonstrated against a single host (application).