Welcome to the Applicure AppSec Blog. Here we regularly publish advice, tutorials, and news related to the world of application security. To keep up to date, bookmark this page, subscribe to our RSS feed, or follow our updates on Twitter. Thanks for reading.
February 20, 2011
AMMAN — Jordan's most popular news website, Ammonnews, said it was shut down by the security services for several hours on Monday before going back online.
Access was interrupted one day after it published a statement critical of the government issued by 36 representatives of Jordan's major tribes who represent the backbone of the kingdom. ... Continue reading...
February 20, 2011
Cisco continues to invest in addressing the rapidly changing security needs of businesses today with the announcement of new context-aware security enforcement across its security portfolio. ... Continue reading...
February 20, 2011
Security experts suggest senior federal bureaucrats are playing with fire by sending sensitive government information on their BlackBerry. ... Continue reading...
December 28, 2010
suggests using blocking tool, but does not plan to issue emergency patch ... Continue reading...
December 08, 2010
I often hear people say “I’m not going to use Microsoft stuff because I don’t want to become a victim of vendor lock-in.” They often choose “open source” alternatives for pieces of the stack (web server and database to name a few). This isn’t necessarily a bad thing so long as they’ve done their homework, landed on the right design and chosen the runtime that best meets their needs. ... Continue reading...
May 26, 2010
Research has shown that businesses just don’t take web application security seriously enough. For those who continue to ignore vulnerabilities that face web applications, the end result can often be costly. This blog post shows the cost of SQL injection vulnerabilities for one business. ... Continue reading...
May 19, 2010
Normally, studies of Web application security focus on which type of vulnerability is most common or most dangerous to a web site. This study, however, looked into which programming language is the most secure among the many used to create Web-based applications. ... Continue reading...
May 17, 2010
It may seem counterproductive for Google to teach people to think like a cyber criminal, but that is exactly the goal of Google's "Web Application Exploits and Defenses" codelab. ... Continue reading...
May 11, 2010
Despite numbers showing that in 86% of all attacks a vulnerability in a Web application was exploited, a new study by the Ponemon Institute found that only 18% of IT security budgets are allocated to protecting Web applications. ... Continue reading...
May 08, 2010
SQL injections are one of the most dangerous attacks used against web applications. In 2010, they were ranked in the top spot for the OWASP Top Ten and second in the CWE/SANS Most Dangerous Programming Errors. Read through this walkthrough of an SQL injection attack to see just how simple they can be. ... Continue reading...
May 05, 2010
With over 9.7 million active installations of WordPress and 32 of the Technorati Top 100 blogs of 2009 using the application for either self-hosted blogs or blogs hosted on WordPress.com, it is easy to say that WordPress is by far the most popular blogging system in existence. ... Continue reading...
April 12, 2010
Presence on the Internet involves dealing with an ever-shifting landscape. New technologies emerge while others wither away. Protocols rise and fall. Traffic patterns change. 10 years ago, the file transfer protocol (FTP) accounted for most Internet traffic. Today, most Internet traffic is HyperText Transfer Protocol (HTTP). ... Continue reading...
March 17, 2010
Cross-site scripting, or XSS, constantly holds the number one spot as the most common vulnerability found in web sites. Just recently, WhiteHat Security reported that 66 percent of all web sites found to contain at least one vulnerability could be exploited by an XSS attack. ... Continue reading...
March 03, 2010
With the release of the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors came a push to hold software developers liable for any insecure code they write. Alan Paller, director of research for the SANS Institute, commented that "wherever a commercial entity or government agency asks someone to write software for them, there is now a way they can begin to make the suppliers of that software accountable for [security] problems." ... Continue reading...
February 26, 2010
As the owner of a small web site, having your site fall victim to an attack may not be the one thing that keeps you up at night. After all, you have to worry about so many other things: can potential visitors or customers find your site, is your content relevant and timely, is your site optimized, etc. And who would want to hack your site anyway, right? ... Continue reading...
February 23, 2010
The September 2009 SANS Institute Top Cyber Security Risks report revealed that over 60% of Internet attacks were launched against Web applications. ... Continue reading...
February 17, 2010
Today, many tools make it easy for anyone to quickly set up a data-driven website, but unfortunately the resulting site is often not particularly secure. ... Continue reading...