Welcome to the Applicure AppSec Blog. Here we regularly publish advice, tutorials, and news related to the world of application security. To keep up to date, bookmark this page, subscribe to our RSS feed, or follow our updates on Twitter. Thanks for reading.
May 26, 2010
Research has shown that businesses just don’t take web application security seriously enough. For those who continue to ignore vulnerabilities that face web applications, the end result can often be costly. This blog post shows the cost of SQL injection vulnerabilities for one business. ... Continue reading...
May 19, 2010
Normally, studies of Web application security examine which type of vulnerability is most common or most dangerous to a web site. This study, however, looked into which programming language is the most secure among the many used to create Web-based applications. ... Continue reading...
May 17, 2010
It may seem counterproductive for Google to teach people to think like a cyber criminal, but that is exactly the goal of Google's "Web Application Exploits and Defenses" codelab. ... Continue reading...
May 11, 2010
Despite numbers showing that in 86% of all attacks a vulnerability in a Web application was exploited, a new study by the Ponemon Institute found that only 18% of IT security budgets are allocated to protecting Web applications. ... Continue reading...
May 07, 2010
SQL injections are one of the most dangerous attacks used against web applications. In 2010, they were ranked in the top spot for the OWASP Top Ten and second in the CWE/SANS Most Dangerous Programming Errors. Read through this walkthrough of an SQL injection attack to see just how simple they can be. ... Continue reading...
May 04, 2010
With over 9.7 million active installations of WordPress and 32 of the Technorati Top 100 blogs of 2009 using the application for either self-hosted blogs or blogs hosted on WordPress.com, it is easy to say that WordPress is by far the most popular blogging system in existence. ... Continue reading...
April 12, 2010
Presence on the Internet involves dealing with an ever-shifting landscape. New technologies emerge while others wither away. Protocols rise and fall. Traffic patterns change. Ten years ago, the File Transfer Protocol (FTP) accounted for most Internet traffic. Today, Internet traffic is predominantly HyperText Transfer Protocol (HTTP). ... Continue reading...
March 17, 2010
Cross-site scripting, or XSS, constantly holds the number one spot as the most common vulnerability found in web sites. Just recently, WhiteHat Security reported that 66 percent of all web sites found to contain at least one vulnerability could be exploited by an XSS attack. ... Continue reading...
March 03, 2010
With the release of the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors came a push to hold software developers liable for any insecure code they write. Alan Paller, director of research for the SANS Institute, commented that "wherever a commercial entity or government agency asks someone to write software for them, there is now a way they can begin to make the suppliers of that software accountable for [security] problems." ... Continue reading...
February 26, 2010
As the owner of a small web site, having your site fall victim to an attack may not be the one thing that keeps you up at night. After all, you have to worry about so many other things: can potential visitors or customers find your site, is your content relevant and timely, is your site optimized, etc. And who would want to hack your site anyway, right? ... Continue reading...
February 23, 2010
In September 2009, the SANS Institute revealed in their Top Cyber Security Risks report that more than 60 percent of the total attacks observed on the Internet were launched against web applications. This came shortly after the wave of July 4th Distributed Denial of Service attacks launched against US Government sites and banking sites. ... Continue reading...
February 17, 2010
Nowadays, script installers and applications that run blogs, content management systems, and other dynamic web sites make it easy for anyone to set up a data-driven site in a matter of minutes. While such technologies make it easy for a web designer to focus on the way a site looks and the content that populates it, they don’t lend themselves to a secure site in many cases. ... Continue reading...
February 03, 2010
Working in IT, one of the most dreaded calls you can receive is the one that informs you that something on your network has been compromised, especially if that something is your company’s web site. Organizations spend a great deal of money developing web sites that have become an integral part of the way they do business. ... Continue reading...
January 26, 2010
A recent post titled "Data Security Considerations in the Cloud" discussed how who a company’s cloud provider has on staff can be a cause for concern when it comes to security. ... Continue reading...
January 18, 2010
In a recent article, "Social networks face user content risks, Web application vulnerabilities," Robert Westervelt of SearchSecurity.com predicts that third-party applications used on some of the more popular social networks could become the next avenue of attack for cybercriminals and malicious attackers. ... Continue reading...
January 02, 2010
Cloud computing has raised quite a few questions with IT management, especially when it comes to securing data housed in the cloud. To alleviate many people’s fears when it comes to data security, Eran Feigenbaum, director of security for Google Apps, claimed that data stored in the cloud is often much safer than if it were stored on a corporate network, comparing the move to taking jewelry out of a sock drawer and putting it in a bank. ... Continue reading...
November 03, 2009
According to a new Data Breach Investigations Report from global comms and IT provider Verizon Business, more than 280 million records were compromised in 2008. ... Continue reading...
May 10, 2004