October 2008 - Following the White Rabbit Blog
Risk Rating - When Is Critical Not?
Have you ever thought to yourself - "How do they decide what's Critical / High / Medium / Low in the security defect findings?" If you have then you're not alone. I get asked that question on a regular basis, and unfortunately the answer...
Published 10-31-2008 5:51 AM by RafalLos
Filed under: vulnerabilities, vulnerability context, risk rating
PCI Compliance Madness - See! I'm not insane!
Rich Mogull over at Securosis totally nailed it. This article he put up talking about the Web Application Firewall (although it's still a mis-named product, see my rant here) vs. secure coding is brilliant. I've been saying this since I can remember...
Published 10-25-2008 5:41 AM by RafalLos
Filed under: PCI DSS, compliance, web application security, Web application firewall
Security Frustrations - HttpOnly Directive
Security can be frustrating. It's even more frustrating when you know you have a possible mitigant for one of the more prevalent attacks (dating back to 2002) such as Cross-Site Scripting (XSS) and it takes years to implement this fix. Now, arguably...
Published 10-21-2008 2:53 AM by RafalLos
Filed under: WebKit bug 10957, Cross-Site Scripting, Mozilla Bug 178993, HttpOnly
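The HttpOnly attribute only helps if every sensitive cookie actually carries it, and that is easy to miss when several parts of an application set cookies. The following is an added example (not code from the post above) that parses Set-Cookie headers with Python's standard library, reports which cookies a page script could read through document.cookie, and emits a correctly flagged header. The header values it checks are constructed sample data.

```python
"""Audit Set-Cookie headers for the HttpOnly attribute (added example).

Standard library only. SAMPLE_RESPONSE_HEADERS is constructed sample data,
not a capture from any real site.
"""
from http.cookies import SimpleCookie

# Constructed response headers: one session cookie done right, one harmless
# preference cookie, and one authentication token that a script could steal.
SAMPLE_RESPONSE_HEADERS = [
    ("Set-Cookie", "sessionid=3f9c2a; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "prefs=dark; Path=/; Max-Age=31536000"),
    ("Set-Cookie", "auth_token=9b1d7e; Path=/; Secure"),
    ("Content-Type", "text/html"),
]


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into (cookie name, Morsel) pairs.

    A Morsel exposes attributes by lower-case key; flag attributes such as
    'httponly' and 'secure' are True when present and "" when absent.
    """
    jar = SimpleCookie()
    jar.load(header_value)
    return list(jar.items())


def audit_set_cookie_headers(headers):
    """Return the names of cookies set without HttpOnly, in header order.

    `headers` is a list of (name, value) pairs as they would appear in an
    HTTP response; non-Set-Cookie headers are ignored.
    """
    exposed = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        for cookie_name, morsel in parse_set_cookie(value):
            if not morsel["httponly"]:
                exposed.append(cookie_name)
    return exposed


def httponly_set_cookie(name, value, secure=True):
    """Build a Set-Cookie header value with HttpOnly (and Secure) set."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True
    if secure:
        jar[name]["secure"] = True
    return jar[name].OutputString()


if __name__ == "__main__":
    print("readable from script:", audit_set_cookie_headers(SAMPLE_RESPONSE_HEADERS))
    print("hardened header:", httponly_set_cookie("sessionid", "3f9c2a"))
```

Running the audit on the constructed headers flags `prefs` and `auth_token`; only the second one matters, which is why the check reports names rather than deciding for you. Keep the caveat from the post in mind: HttpOnly stops an injected script from reading the cookie value, but it does not stop the script from issuing requests that the browser will happily send with the cookie attached, so it reduces the damage of XSS rather than fixing it.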
Monday - Web Server Comedy
Security is a peculiar thing. I've spent years telling people that there is such a thing as "good enough"... but sometimes I come across a situation where an attempt to be more secure makes an oops. I found another one of these today so...
Published 10-13-2008 12:26 AM by RafalLos
Filed under: web server error, web.config, iis security
Web Application Security 101: Simple SQL Injection
Web application security is a hot topic, no doubting that these days. The awareness is growing and developers are starting to take notice of the security shortfalls in their code. Awareness of attacks like SQL injection, cross-site scripting, and CSRF...
Published 10-04-2008 5:08 AM by RafalLos
Filed under: hacking, web application security, input validation, sql injection, web application hacking, data sanitization, user-agent
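As an added example (not the code from the post above), here is the simplest form of SQL injection next to its fix, using Python's built-in sqlite3 module so it runs offline. The post's tags point at the User-Agent header as the input in question, so the example assumes that vector; the table names, rows and the attack string are constructed for the demo and are not taken from the post.

```python
"""Simple SQL injection via a User-Agent header, and the parameterised fix.

Added example. Schema, rows and the User-Agent injection point are
assumptions made for this demo; the password hashes are made-up values.
"""
import sqlite3


def make_db():
    """In-memory database: a visit log plus a separate, sensitive users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        INSERT INTO users VALUES ('alice', 'e99a18c428cb38d5f260853678922e03');
        CREATE TABLE visits(client_ip TEXT, user_agent TEXT);
        INSERT INTO visits VALUES ('10.0.0.5', 'Mozilla/5.0');
        """
    )
    return conn


def visits_by_agent_vulnerable(conn, user_agent):
    """String concatenation: whatever the client sent becomes part of the SQL."""
    sql = (
        "SELECT client_ip, user_agent FROM visits WHERE user_agent = '%s'"
        % user_agent
    )
    return conn.execute(sql).fetchall()


def visits_by_agent_fixed(conn, user_agent):
    """Bound parameter: the driver passes the header as data, never as SQL."""
    sql = "SELECT client_ip, user_agent FROM visits WHERE user_agent = ?"
    return conn.execute(sql, (user_agent,)).fetchall()


# Constructed attacker-controlled header value. The leading quote closes the
# string literal, UNION ALL bolts a second query onto the first, and the
# trailing comment marker swallows the closing quote the application appends.
EVIL_USER_AGENT = "' UNION ALL SELECT username, password_hash FROM users --"


def demo():
    """Run both variants with the same hostile header; return (leaked, safe)."""
    conn = make_db()
    leaked = visits_by_agent_vulnerable(conn, EVIL_USER_AGENT)
    safe = visits_by_agent_fixed(conn, EVIL_USER_AGENT)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)
    print("parameterised query returned:", safe)
```

The vulnerable version hands back every row of the users table for a header nobody validated, because the query text itself was assembled from it. The parameterised version looks for a visit whose user agent literally equals the attack string, finds none, and returns an empty list. Escaping quotes by hand is the tempting alternative and is exactly what the post's "data sanitization" tag warns about: bound parameters remove the problem rather than chasing it.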