December 11, 2006 - 09:00 CET
Michael Sutton had a chat with Searchappsecurity.com about the security threats for 2007:
Top Web application security threats for 2007.
[...]
December 7, 2006 - 18:58 CET
ADAM is a good store for users in .NET, but some things tend to take a long time to figure out. One of these is password management. This post will explain a method for setting a user's password from code (for resetting a password, changing a password, etc.).
[...]
December 7, 2006 - 08:52 CET
Sensitive or confidential information should not appear in the log, but unfortunately frameworks, data sources and custom code all tend to write it there.
[...]
November 27, 2006 - 09:03 CET
I found an interesting article at blogs.securityteam.com. This article explains how virtual keyboard solutions can be circumvented in phishing attempts. Read more here:
Defeating Image-Based Virtual Keyboards and Phishing Banks[...]
November 1, 2006 - 08:57 CET
Michael Sutton wrote an interesting blog post:
Top 10 Signs You Have an Insecure Web App. It's interesting to see how many of these mistakes are actually found by Google, making it really easy for potential attackers.[...]
October 24, 2006 - 14:27 CEST
Ruby on Rails (RoR) is rapidly gaining popularity as a platform for developing web applications. However, most tutorials teach you to write highly insecure code that will allow attackers to exploit your applications. This is especially true for XSS (Cross-Site Scripting).
[...]
October 5, 2006 - 11:04 CEST
The author of this report uses Google to find sites with SQL injection vulnerabilities. The results are that 11.3% of the assessed sites are vulnerable to SQL injection. SQL injection is still one of the most common web application vulnerabilities.
[...]
August 24, 2006 - 09:37 CEST
The clever people at Stanford University have developed a browser plugin to avoid or limit the effect of certain phishing attacks.
[...]
August 20, 2006 - 16:53 CEST
Many web sites have SQL injection and XSS (Cross-Site Scripting) vulnerabilities, and security articles often mention lack of input validation as the reason for these problems. This isn't necessarily correct.
[...]
August 16, 2006 - 09:01 CEST
There has been a lot of writing on the web lately about Ajax being a major security concern for web applications. But are these concerns really justified? I just read a great article about this on "A Port80 Software Blog":
Fear, Uncertainty and Doubt in Web 2.0[...]