Palisade Magazine

Palisade Authors

Abhishek Kumar

• Integrating Smart Cards in Web Applications
  The smarter way of authenticating your application users

Andres Desa

• Of Captchas, Gimpys and BaffleText …
  Stopping automated bots dead in their tracks

Anoop Mangla

• Distributed Reflection Denial of Service: A Bandwidth Attack
  How distributed reflection denial of service attacks work
• Two Factor Authentication
  We discuss various two factor authentication mechanism

Arvind Doraiswamy

• Virtualization – the promised land?
  Is virtualization the magic bullet to solve all our security problems?
• Wireless Security - Cracking WEP
  How an adversary goes about trying to crack WEP
• Wireless Security - How WEP works
  Learn about the working of WEP in detail as an encryption technique on wireless networks

Balaji V

• Wi-Fi Protected Access
  Wi-Fi Protected Access (WPA) is the most popular security mechanism used in Wireless LANs. It is based on standards and interoperates across vendors.
• Application Penetration Tester's Toolkit
  In this article series, we will be looking at some of the tools used for application penetration testing
• Session Riding Attacks
  Learn about how session riding attacks take place and how to defend against them
• Thick Client Application Security - Defenses
  Balaji discusses the defense mechanisms available to tackle attacks on thick client applications
• Thick Client Application Security - Attacks
  Attack vectors and tools for thick clients
• Defeating Bots with CAPTCHAs
  stopping bots in their tracks using CAPTCHAs
• Using browser refresh to expose passwords
  Exploring the vulnerabilities arising out of the use of back, forward and refresh buttons.
• Google Hacking - Is your web application secure?
  Techniques used in google-hacking and how to safeguard web applications from this.

Bhaven Haria

• Understanding SSL VPN
  Learn about the increasingly popular form of VPN and a few of its advantages and concerns.

Deepu Thomas Philip

• Implementing Password Recovery
  Best practices on implementing password recovery features

Dipesh Rawal

• Application Logs - Security Best Practices
  What to log in an application to allow complete analysis later

Firosh Ummer

• Insecurities in Healthcare Applications
  Learn about the threats faced by today's healthcare applications and how to defend against them

Gaurav Shukla

• Backdoors and Trojans in Applications
  How you can protect your application from future threats.

Giridhar T M

• Controls for Outsourcing Software Development
  Addressing security when outsourcing software development

Jaideep Jha

• ASP Session Cookies
  Solution for changing session cookies in ASP applications

Jose Varghese

• Back to Basics: Internet Cookies
  Get to know the basics of internet cookies and how they store information
• Back to Basics: Http Essentials
  Get to know some of the basic concepts on caching in our HTTP essentials series
• Anti-phishing - Incident Response
  Prepare yourself to respond to a successful phishing attack against your website by following these steps.
• Anti-Phishing Techniques - Detection Measures
  Read about the various techniques for detecting phishing attacks against your websites.
• Anti-Phishing Techniques - Protection Measures
  Get to know the latest in Anti-Phishing Techniques and start protecting your website users
• Selecting Application Security Vendors
  Guidelines on choosing an application security vendor

Manu Puthumana

• Source Code Analyzers
  Securing against code security flaws in development time

Nilesh Chaudhari

• Pharming on the Net
  What you need to know about Pharming and Phishing
• PHP Security - Securing the environment
  Securing the PHP Environment

Prashant Gawade

• HTTP Request Smuggling
  A short introduction to a new attack vector for web applications
• Cryptanalysis: Collision attack in Hashing
  Hashing algorithms that are vulnerable to collision attacks and how difficult it is to execute the attacks.

Priyali Vibhute

• Security Enhancements in Visual C++
  Introduction to security enhancements in Visual C++ by way of functions and switches
• Encrypting data in Databases
  How database encrytion can enhance the security of our data

Rajesh Jose

• Preventing Buffer Overflows
  Methods on protecting against the most common attack technique

Roshen Chandran

• Phishing Questions
  Here we answer some of the questions raised by readers on our phishing series
• SaaS Security Testing - The Challenges
  Learn about the challenges involved in securing SaaS
• Smart Questions for Customer Reference Checks
  Find out what are the questions you can address when conducting customer reference checks.
• 5 Tips for Securing Software as a Service
  Some excerpts from our experiences on security testing of SaaS applications
• Securely Webifying Applications
  An executive briefing on the most common mistakes from the field
• Are Complex Passwords Really Necessary?
  Learn about complex passwords and what do they protect and what they dont.
• Catch'em Young - How to discover vulnerabilities early
  Addressing software bugs in the early stages of software development
• Security at Software Requirements Specification
  Security from the Requirements Specifications stage onwards
• Automated Application Vulnerability Scanners
  The role of automated scanners in Application Security Testing
• Authentication - Security Best Practices
  Ten good practices to secure the authentication system

Runa Dwibedi

• XPath injection in XML databases
  How XPath queries can be manipulated to access sensitive information in XML databases.

Sachin Shetty

• Security in SMS Banking
  Mitigating vulnerabilities in the SMS banking environment
• SMS Banking
  Understanding a typical SMS banking setup
• Fighting Keyloggers
  All about keyloggers and how to prevent them from capturing data

Sam Varughese

• The reign of bots
  How a network of bots, or automated programs, can be used to do much more than a DDoS
• Rainbow Cracking and Password Security
  This article presents the recent rainbow table attacks on password hashes
• Security Reverse Proxy
  Protecting web applications in real-time

Sangita Pakala

• LinkDemand and InheritanceDemand
  Best Practices for LinkDemand and InheritanceDemand
• Assert Safely: How to use .Net's Assert wisely
  how to use a powerful feature of .NET securely: the assert security action.
• Secure your sessions with Page Tokens
  How page tokens can enhance the security of applications beyond regular session tokens
• Datamonitor Survey on Software Security Testing
  Studying the security testing trends among 68 Independent Software Vendors.
• Same User, Different Privileges
  Options to consider when assigning different privilege levels to same user
• Passwords - In Memory Still Green
  How passwords can get stolen inspite of encryption
• Threat Modeling
  A Proactive Approach to Security

Santosh Kumar

• Are stored procedures safe against SQL injection?
  Let's check if one of the most widely used attack techniques are successful on SQL stored procedures

Sapna Satish

• CSRF - The hidden menace
  See how CSRF can affect web applications

Shah Nawaz

• Browser Hijackers
  How someone can hijack your browsing experience and how you can take precautions
• Security issues in 'Remember Me' feature
  How passwords stored in web browsers are vulnerable to exposure

Shaheem Motlekar

• Interviewing software developers
  Quizzing your developers on application security
• Security Architecture for Multi-Tier Applications
  We consider the most common breakdown of a tiered application - Presentation, Business Logic and Data
• Introduction to Code Obfuscation
  Security through obscurity? It does have some advantages.
• Training your Developers
  Two pronged approach to training developers on safer applications

Shalini Gupta

• More on dodging spiders
  Learn what more techniques can be used to prevent spiders from crawling on the sensitive pages of your websites.
• Dodging the spiders
  Tackle the nuisance of spiders on your website in this two part series
• Implementing SSL
  Implementing SSL on your webserver
• Understanding SSL
  How SSL works, what it protects, what it does not protect against.

Siddharth Anbalahan

• Common mistakes in two-tier applications
  we look at some of the common mistakes made in configuring and developing two-tier applications
• Securing Web Based Payment Systems
  We shall look at some of the risks involved in Internet-based payment systems
• Securing IIS Web Servers
  Make use of these security enhancements in IIS 6.0 to secure your web servers.
• Securing Apache Web Servers
  Secure your apache web servers with these secure configuration settings

Sonali Gupta

• Code Obfuscation Part 3 - Hiding Control Flows
  We look at control obfuscation, a class of obfuscation techniques that targets the control flow in a program
• Code Obfuscation - Part 2: Obfuscating Data Structures
  Sonali presents the different methods of data obfuscation with examples and also analyzes their quality
• Code Obfuscation
  Introduction to code obfuscation techniques and evaluating their qualities
• Steganalysis
  Techniques for extracting hidden data from stego-objects
• All About Steganography
  All about Steganography and how it can be used
• Securing Database Connection Strings
  A security cordon is only as strong as its weakest link

Sourabh Saxena

• URL Redirection Flaw
  How attackers use redirection flaws to trick users.

Suraj Sankaran

• Mobile Banking - Threats and Mitigation
  Let's have a look at the threats faced by mobile banking solutions
• Mobile Banking Architecture
  The author presents two popular mobile banking architectures and dives into the exchange of messages between the components

Varun Chaudhry

• Securing Documents in Web Applications
  Serving non-html documents to authenticated users