June 2007
Virtualization – the promised land?
by Arvind Doraiswamy
Someone somewhere is still getting compromised after investing a lot in security. Now there’s something called ‘virtualization’ which seems to be some kind of a promised land – a ‘solution’ to all these security problems. It’s being adopted rapidly across multiple organizations just because its ‘secure’. So what is virtualization? Why is it such a craze? Is it really that secure? Is there no way to compromise it? Are we finally 100% safe? A lot of pertinent questions there – let’s try and answer them, shall we?… more →
Common mistakes in two-tier applications
by Siddharth Anbalahan
In previous articles, we have talked about some of the attack techniques and defenses that are possible with two-tier applications. An important thing to note in two-tier applications is that a thick-client application running on the user’s machine directly connects to the database. This means that local machine can directly connect to the database. In this article, we look at some of the common mistakes made in configuring and developing two-tier applications which can render the database vulnerable to attacks from users.… more →
Quiz: Safe Authentication Controls
Which of the following is/are required as safe authentication controls at login page?
- Enable SSL
- Define acceptable Inputs
- Use Salted Hash technique
- Disable password save and AutoComplete/fill-in
- All of them