Cenzic and NT OBJECTives, both firms that focus on application security solutions, today announced that they have settled an ongoing legal battle that has been rolling for most of this year.
Known as CSRF for short, cross-site request forgery attacks are a type of attack where the attackers use an authenticated session on a Website to perform unauthorized actions on the site.
Watch an on demand Webcast from SecurityWeek and Symantec to learn more about this intriguing new malware as we provide further analysis on the latest outbreak findings.
Application Security Inc. released new updates to its product line, keeping to the company’s tradition of making database assessment and management an easily navigated and streamlined process.
Latest release from LogRhythm includes pattern recognition and responsive monitoring, which can act on its own if warranted. Additional baseline changes offer faster indexing and processing and larger storage capacity.
Security expert Mariano Nuñez Di Croce details an SAP authentication bypass vulnerability that resides in the SAP Application Server Java code and lets an attacker log in as the user of his or her choice without specifying a password.
On Aug. 9, Microsoft accidentally released information on the five security updates it is planning to release tomorrow as part of this month’s Patch Tuesday.
Qualys made several announcements including a new QualysGuard Consultant Edition, a revamped user interface for its QualysGuard Security and Compliance SaaS Suite, and availability of the latest version of its Web Application Scanning solution.
Utilizing built-in VPN functionality of iOS, user sessions are protected, including those over public Wi-Fi connections, by using 256-bit AES encryption, ensuring secure access to corporate desktops and applications.
Protecting your website from hackers is tough. The battle between the good guys and the bad guys is an ever escalating war where a misstep on your part may mean a breached site.
This week Noa dives into Business Logic Attacks, pointing out different aspects and how to mitigate them. Business logic attacks abuse the functionality of a program. They’re stealthy as they don’t come as malformed requests and they contain legitimate values. Often, we can't even call them illegal.
While SSL is a great technology to ensure that consumers’ browsers are communicating with the businesses’ servers in an encrypted manner, and ensuring that these are legitimate businesses, it doesn’t prevent the hacking of websites through vulnerabilities in Web applications.
There are thousands of script kiddies, launching hundreds of thousands of automated attacks every day. Anyone who argues that their website is too small or obscure for anyone to test for flaws isn’t paying attention to the fact that everyone’s website is being tested, all the time.
Enterprises need to shift the focus of their security operations from a small group of individuals with a set of tactical objectives, to a virtual organization that provides strategic value and has the ability to improve outcomes for the organization, its customers and employees.
Being compliant doesn’t mean you’re secure. Ethical hackers are continuously schooling larger companies, and even with their large budgets, why are they not getting the message? Buckle your seatbelts; The Hacker’s fun has just begun.
Most people will focus on perimeter security and think that they have it all covered. Unfortunately, network security is never enough. Just as we can't control what's on television, who is in Internet chat rooms or who is on the other end of the phone, we can't control the browsers that are interacting with your web applications.
So, what can your business do to protect against the increasing number of hacking attacks? You need to follow the ABCs of Web Application Security – Assessment, Blocking, and Correction of Vulnerabilities in the long-term. Here are some ideas on how to do that in more detail.
I’ve approached design and development companies with the thought of pre-launch web application security scans, done on a staging server. More times than I can count, these conversations end up in an agreement that web security is essential but there is no desire to find out how secure the target site really is.
Unless your company sets security as a prime requirement, your website will be one of the 70 percent on the Internet that contains major security flaws.