Palisade Magazine

 
February 2009

Measuring the Value of Remote Application Security Testing

by Paresh Amin, CISSP

It sometimes takes a major application security breach to get us fired up to test our applications. The recent breach at Hannaford Bros. is a good example, where attackers managed to steal up to 4.2 million credit card and debit card numbers. It pays to be proactive when doing application security testing. Measuring the value of application and network security testing is the first step, as what is measured can be improved. [Disclosure: Paladion/Plynt provides remote application security testing.]

Selecting Application Security Vendors – Part II

by Sachin Varghese

In March 2005, Jose Varghese outlined the best practices for selecting application security vendors in Palisade. That article gave pointers to mid-size and large enterprises that are leveraging external application expertise or intending to leverage external resources. Four years later, we review the themes in that article. Have those criteria changed over these years, when application security has moved from back-stage to center-stage? As we reviewed the criteria, we observed that the core principles Jose laid out in 2005 still hold true.

Virtual Keyboard and the Fight Against Keyloggers

by Santosh Jadhav

Welcome to Safe Bank’s net banking. Please enter your net banking userid and password.

Userid: 15236523
Password: *************
Action = submit.jsp

and you have logged into the net-banking application. Wow!!! You can now view your account balance, do third-party funds transfers and much more.

Quiz: Mitigating the risk of CSRF attacks

Cross Site Request Forgery (CSRF) is an attack that tricks the victim into taking some action on the vulnerable application without the victim’s knowledge. A CSRF attack can be carried out in different ways. Which of the following aspects in an ASP.NET application would not help mitigate the risk of CSRF attacks?

  1. Use of ViewStateUserKey
  2. Use of CSRFGuard httpModule
  3. Secure against XSS attacks
  4. Setting the HttpOnly attribute of the session cookie

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award