Security PS Blog - comments (blog by Kris Drent)

Anonymous, 2018-08-02:
Many thanks for that! Works here like a charm.

Anonymous, 2017-07-11:
Great, nice post, very helpful. Judi Bola (http://blogseobettingonline.blogspot.com/2017/06/cendanagamingcom-agen-bola-agen.html)

pecundang, 2017-06-12:
Nice article. Domino QQ (http://wingsqqpromo.blogspot.com/)

Manish, 2014-05-28:
Thanks a lot for this awesome plugin...

:)

Aiden Semuel, 2013-01-22:
Application security aspects must be integrated into the software development process. Late-stage penetration testing is not sufficient because it will be too late and too expensive to fix mistakes.

xoundboy, 2011-08-19:
Great article - exactly what I was looking for. Thanks for posting.

Tom Stripling, 2009-04-27:
Google has some kind of approval process for new gadgets before they will be listed in the directory, but you can create and upload a gadget without any approval whatsoever. You would just need to advertise its location yourself. I very much doubt they subject gadgets to any kind of rigorous security testing during approval anyway.

Of course, a patient attacker would just create a legitimate gadget, gather a large number of users, and then slip malicious code into the gadget with an update. Users aren't notified when updates occur and wouldn't notice a thing.

Casey, 2009-04-25:
Interesting presentation...

Does Google now validate the code changes for malicious content when hosted?

Dave Hull, 2009-04-15:
Looks like a good presentation, thanks for posting the slides. Access control is so critical, and yet we continually find issues with it. You're right on: the automated tools aren't very good at finding the issues.

Tom Stripling, 2008-02-05 11:13:
Brad,

Thanks for bringing this up. These headers should ONLY be set for PDF files. Setting the header on other file types will cause those to be downloaded as well. In IIS, I don't know of a way to set the Content-Disposition header for all PDF files globally. You can only set the header on a per-directory or per-file basis.

Also, these instructions are only applicable to PDF files that are served directly by the web server. If your PDFs are generated by the application or fetched from the filesystem by a dynamic page, you can't set the Content-Disposition header in the web server configuration; it must be set in the application code. In ASP.NET, setting these headers might look like this:

    // Generic binary type so the browser does not render the PDF inline
    Response.ContentType = "application/octet-stream";
    // Instruct the browser to download the response rather than display it
    Response.AddHeader("Content-Disposition", "attachment");

Brad, 2008-02-05 08:49:
I set the properties on my local web server following your article's instructions. However, I found that adding the Content-Disposition header (step 6) causes the browser to want to download the .aspx file as well.

Eric Kitchens, 2007-09-03:
I missed the presentation, but this is something I have frequently brought up with clients I work with in the financial industry, and to contacts in regulatory agencies. The question I often ask is why the guidance in '05 was so vague. The FFIEC just said 'perform the risk assessment and implement strong authentication'. Most of my clients relied on their vendors to provide MFA, and usually chose the least expensive option. While I loathe the false sense of security that PassMark provides (I understand it's already been defeated, btw), it is equally as flawed as certificates and profiling.

Carsten a.k.a. Roy/SAC, 2007-08-29:
I am one of them who is worried. I also attended the presentation and met Brendan at the Q&A room afterwards, where he continued with his presentation after his speaking time was up and they cut him off.

I blogged about it twice and nobody seems to care. As you said, somebody will care, but not for the user; rather for his own benefit, and will abuse the exploits and flaws that were made public.

Here is the link to my original post from August 5, 2007:
http://www.roysac.com/blog/2007/08/new-online-banking-security-process.html

and here the one to my follow-up post from August 12, 2007:
http://www.roysac.com/blog/2007/08/why-worry-today-if-your-bank-account.html

Cheers!
Carsten