Application Security Blog

Welcome to the Applicure AppSec Blog. Here we regularly publish advice, tutorials, and news related to the world of application security. To keep up to date, bookmark this page, subscribe to our RSS feed, or follow our updates on Twitter. Thanks for reading.





Featured Blog Posts

CWE/SANS Top 25

With the release of the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors came a ... read more ...

The Most Vulnerable Programming Languages

Normally, studies of Web application security involve which type of vulnerability is most common or ... read more ...

Web Hacking Facts and Figures

According to a new Data Breach Investigations Report from global comms and IT provider Verizon ... read more ...

February 20, 2011

Top Jordan website back up after hacking

AMMAN — Jordan's most popular news website, Ammonnews, said it was shut down by the security services for several hours on Monday before going back online.

Access was interrupted one day after it published a statement critical of the government issued by 36 representatives of Jordan's major tribes who represent the backbone of the kingdom. ...  Continue reading...

February 20, 2011

Cisco Announces New Context-Aware Security Enforcement

Cisco continues to invest in addressing the rapidly changing security needs of businesses today with the announcement of new context-aware security enforcement across its security portfolio.  ...  Continue reading...

February 20, 2011

Senior bureaucrats lax on BlackBerry security

Security experts suggest senior federal bureaucrats are playing with fire by sending sensitive government information on their BlackBerry.  ...  Continue reading...

December 28, 2010

Khodorkovsky's website attacked amid announcement of sentencing

 ...  Continue reading...

December 28, 2010

110,000 Credit Card Numbers Stolen in Tour Company Web Server Hack

 ...  Continue reading...

December 28, 2010

Microsoft confirms critical IE bug, works on fix

suggests using blocking tool, but does not plan to issue emergency patch ...  Continue reading...

December 08, 2010

WikiLeaks, the Mega-D botnet and online privacy led the way in cyber-security news this past week.

 ...  Continue reading...

December 08, 2010

Vendor Lock In or Ignorant Design?

I often hear people say “I’m not going to use Microsoft stuff because they don’t want to become victim of vendor lock in.” They often choose “open source” alternatives for pieces of the stack (web server and database to name a few). This isn’t necessarily a bad thing so long as they’ve done their homework, landed on the right design and chosen the runtime that best met their needs.  ...  Continue reading...

May 26, 2010

The Price of Ignoring SQL Injection Vulnerabilities

Research has shown that businesses just don’t take web application security seriously enough. For those who continue to ignore vulnerabilities that face web applications, the end result can often be costly. This blog post shows the cost of SQL injection vulnerabilities for one business. ...  Continue reading...

May 19, 2010

The Most Vulnerable Programming Languages

Normally, studies of Web application security involve which type of vulnerability is most common or most dangerous to a web site. This study, however, looked into which programming language is the most secure among the many used to create Web-based applications. ...  Continue reading...

May 17, 2010

Google Codelab

It may seem counterproductive for Google to teach people to think like a cyber criminal, but that is exactly the goal of Google's "Web Application Exploits and Defenses" codelab. ...  Continue reading...

May 11, 2010

Ponemon State of Web Application Security Report

Despite numbers showing that in 86% of all attacks a vulnerability in a Web application was exploited, a new study by the Ponemon Institute found that only 18% of IT security budgets are allocated to protecting Web applications. ...  Continue reading...

May 08, 2010

The Anatomy of a SQL Injection Attack

SQL injections are one of the most dangerous attacks used against web applications. In 2010, they were ranked in the top spot for the OWASP Top Ten and second in the CWE/SANS Most Dangerous Programming Errors. Read through this walkthrough of an SQL injection attack to see just how simple they can be. ...  Continue reading...

May 05, 2010

WordPress Security

With over 9.7 million active installations of WordPress and 32 of the Technorati Top 100 blogs of 2009 using the application for either self-hosted blogs or blogs hosted on WordPress.com, it is easy to say that WordPress is by far the most popular blogging system in existence. ...  Continue reading...

April 12, 2010

Why Web Application Security?

Presence on the Internet involves dealing with an ever-shifting landscape. New technologies emerge while others wither away. Protocols rise and fall. Traffic patterns change. 10 years ago, the file transfer protocol (FTP) accounted for most Internet traffic. Today, Internet traffic is predominantly HyperText Transfer Protocol (HTTP). ...  Continue reading...

March 17, 2010

What is Cross-Site Scripting (XSS)?

Cross-site scripting, or XSS, constantly holds the number one spot as the most common vulnerability found in web sites. Just recently, WhiteHat Security reported that 66 percent of all web sites found to contain at least one vulnerability could be exploited by an XSS attack. ...  Continue reading...

March 03, 2010

CWE/SANS Top 25

With the release of the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors came a push to hold software developers liable for any insecure code they write. Alan Paller, director of research for the SANS Institute, commented that "wherever a commercial entity or government agency asks someone to write software for them, there is now a way they can begin to make the suppliers of that software accountable for [security] problems." ...  Continue reading...

February 26, 2010

The Small Webmaster's Guide to a Hacked Website

As the owner of a small web site, having your site fall victim to an attack may not be the one thing that keeps you up at night. After all, you have to worry about so many other things: can potential visitors or customers find your site, is your content relevant and timely, is your site optimized, etc. And who would want to hack your site anyway, right? ...  Continue reading...

February 23, 2010

OWASP Top 10 2010

The September 2009 SANS Institute Top Cyber Security Risks report revealed that over 60% of Internet attacks were launched against Web applications. ...  Continue reading...

February 17, 2010

Database Security Best Practices

Today, many tools make it easy for anyone to quickly set up a data-driven website, but unfortunately the resulting site is often not particularly secure. ...  Continue reading...

