Browse by Tags - The HP Security Laboratory Blog
All Tags » security
Why we can’t count (data loss)
Numbers lie Recently California made headlines after more than 800 data breach disclosures were filed in the first five months of 2009. Upon closer inspection, the large number of incidents does not represent a rise in actual incidents, but just a change...
Published 07-15-2009 8:54 PM by todd.densmore. Filed under: Privacy, security, compliance, web application security, data breach
Uncharted Territories: the personal-corporate-social-web-mashup
Corporate web communications have grown from simple web pages to massive and complex applications. The security department has mostly kept up and maintained a secure perimeter—even when that perimeter included outsourced and vendor systems. Contracts...
Published 06-24-2009 3:19 PM by Chris Sullo. Filed under: security, hacked, policy, web application security
Schneier on security in the age of cloud computing
Bruce Schneier offers a great perspective on why security is even more important in the age of cloud computing. As the expression goes, three can keep a secret if two of them are dead. In a nutshell, cloud computing forces you to increase the number of...
Published 06-04-2009 4:03 PM by mark.painter. Filed under: security, cloud computing, bruce schneier
Social Insecurity
Not too long ago, one could trust the big corporate names to run clean websites. You had to go surfing down some shady back alleys of the web to expose yourself to malware. Those were the naïve days of the pre-adolescent internet, when firewalls...
Published 05-28-2009 8:57 PM by todd.densmore. Filed under: malware, security, social networks
Microsoft's ClickOnce Firefox add-on
With Firefox, I just went to download a certain new version 2.0 web browser and was surprised that after hitting the license accept button Firefox started up an installer, downloaded the application and installed it without any prompts or questions...
Published 05-22-2009 2:35 PM by Chris Sullo. Filed under: security, Firefox, Microsoft, browser
Keep the snakes at bay
Recently, a state agency announced that their site had been compromised by computer hackers. The attackers left a ransom note on the web site claiming that they had captured 8.3 million patient records and 35.6 million prescriptions. The attackers also...
Published 05-06-2009 9:37 PM by kenswinney. Filed under: security, hacked, hipaa, healthcare, web applications, hackers
Exposing Flash Application Vulnerabilities with SWFScan
After months of hard work and late caffeine-fueled nights, HP’s Web Security Research Group is proud to release HP SWFScan. HP SWFScan is a free Windows-based security tool to help developers find and fix security vulnerabilities in applications developed...
Published 03-20-2009 10:12 PM by billyhoffman. Filed under: security, flash, adobe, SWFScan
Diamond heist holds infosec lessons, too
Wired is running the story “The Untold Story of the World's Biggest Diamond Heist” on their site and in the next issue. You may have already read it, since it’s pretty popular on the tubes right now. If you haven’t—while it’s pretty long—it’s an...
Published 03-13-2009 6:07 PM by Chris Sullo. Filed under: security, testing methodology, hacked, vulnerabilities, crime
The security industry should hold itself to higher standards
At a previous job I worked on the application testing side of web security—breaking in-house/contract built applications, commercial off-the-shelf (COTS) applications, appliances, and partner’s sites (which were built with all of the above). While most...
Published 02-13-2009 8:15 PM by Chris Sullo. Filed under: security, vulnerabilities
Educating the Masses About Security
In my last post I talked about zombies and warnings and such (and, ok, a little bit about security). I'm not too surprised at the press the sign changing is getting, since traffic and driving are things the vast majority of us deal with. However,...
Published 02-06-2009 6:35 PM by Chris Sullo. Filed under: Password Security, security, information disclosure
Sun releases Netscape Enterprise source--let the bug hunt begin?
Sun Microsystems announced today that Netscape Enterprise Server, one of the original grand-pappys of "modern" web servers (which excludes NCSA--sorry fanboys... I know you're out there), has been released under the BSD license. This isn't...
Published 01-16-2009 9:07 PM by Chris Sullo. Filed under: security, Research, vulnerabilities, Sun
The CWE/SANS Top 25 Most Dangerous Programming Errors
This week saw the release of the “Top 25 Most Dangerous Programming Errors” list from MITRE and SANS. At first skim, I nearly discarded it as just an effort to pad resumes—after all, do we really need another “top X” list (every group with a barely...
Published 01-15-2009 7:36 PM by Chris Sullo. Filed under: security, input validation, SQL Injection
Ajax Security more than Increased Attack Surface
I got an email from Christ1an the other day asking me what Ajax Security was all about. I was just going to send him the table of contents to the book, but I thought it might be educational to see how the components of Ajax security relate, and where...
Published 11-07-2007 12:29 PM by Billy. Filed under: Ajax, security, Ajax Security Book
The real reason for (JavaScript|JSON) Hijacking
When JSON hijacking was first discussed and demonstrated in 2006 and 2007 by Whitehat, Fortify and others, all of the proof of concepts used Mozilla specific JavaScript extensions like setter or __defineSetter__. This led many people to believe that...
Published 08-27-2007 1:59 PM by Billy. Filed under: Ajax, security, book, JSON