Palisade Magazine

 
December 2006

Back to Basics: Http Essentials

by Jose Varghese, CISSP, GSEC, GCIH, CBCP, BS7799 LA

In this article series, we will refresh some of the basic concepts in HTTP. The first part of the series answers a few questions on caching: what is stored in a cache, how it is stored, and how to control its behaviour.

Insecurities in Healthcare Applications

by Firosh Ummer, CISA

Online healthcare applications come within the scope of HIPAA. In this article we discuss the threats they are exposed to, the attacks we've seen work against them, and the precautions to take.

Wireless Security - How WEP works

by Arvind Doraiswamy

As you probably already know, Wired Equivalent Privacy (WEP) is used by companies to secure their wireless connections from sniffing attacks. You've probably also heard that it's not very secure. In the first part of this two-part series, I'll explain the inner workings of WEP and follow it up next month with why it's insecure.

Quiz: SSL handshake for multiple pages

Your Internet banking site is fully SSL enabled. The login page, account summary page and fund transfer page are all HTTPS enabled. When you bank online (log in, check your account summary and do a fund transfer), does SSL authentication and handshake happen separately for each page, or is it one handshake for all three pages?

  1. HTTP is stateless, so is SSL. Full SSL handshake needed for each HTTP page.
  2. SSL is stateful, only one full handshake for multiple HTTP pages in a session.
  3. SSL is security at IP layer. One handshake for one set of source/destination IP address.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion have been awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program.
  • 20.04.09. Info Security Products Guide names Plynt Certification Program winner of the 2009 Tomorrow’s Technology Today Award.