Palisade Magazine

 

December 2006

Back to Basics: Http Essentials

by Jose Varghese, CISSP, GSEC, GCIH, CBCP, BS7799 LA

In this article series, we will refresh some of the basic concepts in HTTP. The first part of the series answers a few questions on caching: what is stored in a cache, how it is stored, and how to control its behaviour.… more →

Insecurities in Healthcare Applications

by Firosh Ummer, CISA

Online Healthcare applications come under the radar of HIPAA. In this article we discuss the threats they are exposed to, the attacks we’ve seen work against them and the precautions to take.… more →

Wireless Security - How WEP works

by Arvind Doraiswamy

As you probably already know, Wired Equivalent Privacy (WEP) is used by companies to secure their wireless connections from sniffing attacks. You’ve probably also heard that it’s not very secure. In the first part of this two-part series, I’ll explain the inner workings of WEP and follow it up next month with why it’s insecure.… more →

Quiz: SSL handshake for multiple pages

Your Internet Banking site is fully SSL enabled. Login-page, Account summary page and Fund transfer page are all HTTPS enabled. When you bank online - login, check your account summary and do a fund transfer, is SSL authentication and handshake happening separately for each page or is it one handshake for all the three pages?

  1. HTTP is stateless, so is SSL. Full SSL handshake needed for each HTTP page.
  2. SSL is stateful, only one full handshake for multiple HTTP pages in a session.
  3. SSL is security at IP layer. One handshake for one set of source/destination IP address.

more →
