Palisade Magazine
 
Virtualization – the promised land?

June 2007

Virtualization – the promised land?

by Arvind Doraiswamy

Someone somewhere is still getting compromised after investing a lot in security. Now there’s something called ‘virtualization’ which seems to be some kind of a promised land – a ‘solution’ to all these security problems. It’s being adopted rapidly across multiple organizations just because its ‘secure’. So what is virtualization? Why is it such a craze? Is it really that secure? Is there no way to compromise it? Are we finally 100% safe? A lot of pertinent questions there – let’s try and answer them, shall we?… more →

Common mistakes in two-tier applications

by Siddharth Anbalahan

In previous articles, we have talked about some of the attack techniques and defenses that are possible with two-tier applications. An important thing to note in two-tier applications is that a thick-client application running on the user’s machine directly connects to the database. This means that local machine can directly connect to the database. In this article, we look at some of the common mistakes made in configuring and developing two-tier applications which can render the database vulnerable to attacks from users.… more →

QuizQuiz: Safe Authentication Controls

Which of the following is/are required as safe authentication controls at login page?

  1. Enable SSL
  2. Define acceptable Inputs
  3. Use Salted Hash technique
  4. Disable password save and AutoComplete/fill-in
  5. All of them

more →

On the blog recently

Past quizzes

  • May '07 : Which of these is not a recommended best practice for implementing CAPTCHAs?
  • Jun '06 : How can we prevent directory traversal attacks on the web servers?
  • Jun '08 : What is Cross Site Printing?
  • Nov '05 : Our applet implements an algorithm that's proprietary and a trade secret. How do I protect the algorithm from getting stolen at the browser?
  • Jul '08 : A new proposal has been formed by W3C, to incorporate Web 2.0 developer's demands, by allowing cross site requests. Which among the following is the said proposal?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award
  • 15.02.09. Paladion/Plynt Launches a PCI Solution Package for the Retail Industry to Meet Demands for Enterprise Merchants Seeking PCI DSS Compliance
  • 10.06.08. Paladion is presenting on “Safeguarding SaaS” at the SaaS University in Boston, June 18-19
  • 17.03.08. Asian Banker awards Kotak Mahindra and Paladion the best security implementation project for 2007