October 2006
Securely Webifying Applications
by Roshen Chandran, CISSP
We see a recurring pattern of security errors when organizations migrate their legacy applications to the web. This Executive Briefing documents the most common security mistakes we have seen in the last 5 years.
Anti-phishing - Incident Response
by Jose Varghese, CISSP, GSEC, GCIH, CBCP, BS7799 LA
As we saw in the first two parts of the series, there are several ways of preventing and detecting a phishing attack. Even if we take all necessary precautions, a successful phishing attack could still happen, and we need to be prepared to respond to it. In this article we explore some of the incident response steps we can take to limit the damage.
5 Tips for Securing Software as a Service
by Roshen Chandran, CISSP
Field notes on how best to secure “Software as a Service” (SaaS). We ran into 12 SaaS apps last quarter, when we were asked to test them. Here are our field notes from those assignments, our favorite security tips for SaaS developers:
Quiz: Identifying HTTP Request Smuggling attacks
HTTP requests pass through various intermediaries, such as caches, proxies and firewalls, before reaching the web server. An attacker sends multiple specially crafted HTTP requests that cause the intermediate entities between the attacker's browser and the web server to see different sets of requests. What type of attack is this?
- Cross-Site Tracing attack
- HTTP Request Smuggling attack
- Cross-Site Request Forgery attack
- SQL Injection attack
