Twas the night before Xssmas and all through world Not an application was safe, no one dared click a URL. People’s browsers sat idle and t...
Archive for 2007
Defcon 15: "Strong" Authentication in Web Applications
Has your organization recently implemented multi-factor, risk-based, or mutual authentication? Do you think your application is now more se...
What OWASP is and what it means to you
Our blog has featured a link to the OWASP web site for most of its existence. Maybe you have clicked on it and checked out the great resour...
Defcon 2007
The Security PS consulting team recently attended Defcon 15. With five tracks running over three days, the conference jam-packed enough hac...
Banks fail to meet FFIEC multi-factor authentication requirements
By the end of 2006, U.S. financial institutions were told to comply with the FFIEC’s updated guidance on authentication for Internet banking...
Tips for Avoiding Bad Authentication Challenge Questions
I’m excited to share the news about a brand new white paper from Security PS. We’ve had clients requesting this information for months, and...
New App Security Resource
The App Security Advisor blog and podcast has been released. While you can read and listen to the first post on the web site to hear what ...
When to Assign Users Responsibility for Security
First, I wanted to mention that the Security PS blog is now one year old. We thank those of you who have scrutinized and shared our content...
Searching Google for SQL Injection Targets
SPI Dynamics recently had an on-demand webcast where they scanned around 1000 sites using the Google API for SQL injection. The scanning app...
Cross-Site Scripting in Adobe Plug-In
You may have seen the recent flurry of news stories surrounding a cross-site scripting (XSS) vulnerability in Adobe's PDF browser plug-i...