TechRepublic : A ZDNet Tech Community

36 Resources for

owasp

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure Cloud Computing
Cloud computing was not designed for security, although organizations such as the Cloud Security Alliance (CSA) and the Open Web Application Security Project (OWASP) are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in the document, Guidance for...
Tags: Security, Firewall, Web Application, Application Firewall, Cloud Computing, Virtualization, Hardware
White papers 2009-07-22
Security Pitfalls in Stripes Web Applications
The Stripes framework (www.stripesframework.org) is a Java web presentation framework that aims to ease the process of creating Java based web applications, by favouring defaults over verbose configuration and by providing a single backing bean for both properties and methods. This paper covers Stripes version 1.5.1 from www.stripesframework.org. It exposes...
Tags: Security, Web, Web Application, Corsaire, Cloud Computing
White papers 2009-05-11
WAF Virtual Patching Challenge: Securing WebGoat With ModSecurity
This paper presents the technical details behind a virtual patch, which is a critical protection function provided by Web Application Firewalls (WAFs). A virtual patch is a powerful, agile mitigation strategy to quickly help protect vulnerable web applications from remote compromise. During the course of this whitepaper, it evaluates a...
Tags: Vulnerability, Web Application, Breach Security, Cloud Computing, Patches, Security
White papers 2009-01-20
Honeywell Protects Against Web Threats, Achieves Significant Cost Savings Using Breach Security WebDefend
Global companies like Honeywell are often targeted at the web application layer. As new online threats emerged, Honeywell sought solutions to protect its extensive web layer. Specifically, Honeywell wanted protection against threats listed on the Open Web Application Security Project's (OWASP) Top Ten list, which includes cross-site scripting and SQL...
Tags: Web, Honeywell International Inc., Cost Savings, Breach Security, Web Site Development, Channel Management, Cloud Computing, Web Technology, Internet, Marketing
Case studies 2009-01-13
WebDefend and the OWASP Top Ten
With all the web application attacks and vulnerabilities surfacing - it is hard to know where to focus the security efforts. Luckily, OWASP produces the OWASP Top Ten list to raise awareness of web application security. This list is an outstanding starting point for prioritizing web application security attacks and...
Tags: Web Application, Breach Security, WebDefend, Cloud Computing, Security
Webcasts 2009-01-01
Web Application Security: Managing Cross-Site Scripting, the Number One Item on OWASP's Top Ten List
The Open Web Application Security Project (OWASP) is, by its own definition, "a worldwide free and open community focused on improving the security of application software. Its mission is to make application security 'Visible,' so that people and organizations can make informed decisions about application security risks." The global OWASP...
Tags: Web, XSS, Web Application, Application Security, Rapid7, Security Administration, Security
White papers 2009-01-01
Outsmarting Tomorrow's Hackers Today
Network IDS/IPS and first-generation Web Application Firewalls (WAFs) don't protect against today's sophisticated web application threats, such as cross-site scripting, injection flaws and other vulnerabilities listed on the OWASP Top 10. IT professionals need the necessary visibility into their web application security to understand how applications are being used, when...
Tags: Web Application, Hacker, Breach Security, Cloud Computing
Webcasts 2009-01-01
Building towards my career
I am interested in writing security software from both a defensive and offensive posture (i.e., firewall, antivirus, pen-testing tools, exploits, etc...). I am currently a student obtaining an Assoc. in Computer Networking Systems. I graduate in December and am wondering, what is the best step for me to take next?...
Tags: C/C++, Programming languages, PRODUCTIVITY, career, C, security, tool, Java, job
Discussion threads 2008-08-06
Best Practices: Use of Web Application Firewalls
Web applications of all kinds, whether online shops or partner portals, have in recent years increasingly become the target of hacker attacks. The attackers are using methods which are specifically aimed at exploiting potential weak spots in the web application software itself - and this is why they are not...
Tags: Web Application, Best Practice, Application Firewall, OWASP, Cloud Computing, Firewalls, Security, Networking
White papers 2008-05-01
What is cross-site scripting?
Cross-site scripting: Have I covered everything? In the article What is cross-site scripting? (http://blogs.techrepublic.com.com/security/?p=426) I explained what XSS (cross-site scripting) is, the three major types of XSS, and what we can do to mitigate the risks. Have I covered everything? Let me know what I've forgotten, or what you'd like to know...
Tags: XSS
Discussion threads 2008-03-19
Training on OWASP top 10 vulnerabilities- for developers
Would appreciate recommendations and contact info for effective and reasonably priced training for SW dev. team that addresses the OWASP 2007 Top Ten vulnerabilities.
Tags: Workforce management, dkling@..., training
Discussion threads 2007-07-26
Use the revised OWASP Top Ten to secure your Web applications -- Part 8
This blog entry is also available as a TechRepublic download in PDF form. In this final installment in the revised Open Web Application Security Project (OWASP) Top 10 series, the final three vulnerabilities are explored -- insecure cryptographic storage, insecure communications, and failure to restrict URL access. The final three vulnerabilities...
Tags: Software Development, Programming, Security, Application Development
Blog posts 2007-06-13
Use the revised OWASP Top Ten to secure your Web applications -- Part 8
In this final installment in the revised Open Web Application Security Project (OWASP) Top 10 series, the final three vulnerabilities are explored -- insecure cryptographic storage, insecure communications, and failure to restrict URL access. Tom Olzak explains the nature of these weaknesses followed by recommendations for protecting Web applications from...
Tags: Web Application, Tom Olzak, Cloud Computing
Download resources 2007-06-13
Use the revised OWASP Top Ten to secure your Web applications -- Part 4
Consider using constants ... I like this series of articles regarding the OWASP Top 10 2007. I have one question though: Could you elaborate on the next issue: 'Consider using constants or other types of input to scripts that are not supplied by the user'
Tags: achpostma@..., Web application
Discussion threads 2007-06-08
Use the revised OWASP Top Ten to secure your Web applications -- Part 7
This article is also available as a TechRepublic download. The seventh installment in the 2007 OWASP Top 10 series takes a look at broken authentication and session management vulnerabilities. Tom Olzak explains the nature of this weakness followed by recommendations for protecting Web applications from attacks related to this security problem. Broken...
Tags: Web applications, Security, Hacking, Encryption, cryptography, Authentication
Blog posts 2007-06-06
Use the revised OWASP Top Ten to secure your Web applications - Part 7
The seventh installment in the 2007 OWASP Top 10 series takes a look at broken authentication and session management vulnerabilities. Tom Olzak explains the nature of this weakness followed by recommendations for protecting Web applications from attacks related to this security problem. This download is also available...
Tags: Web Application, Tom Olzak, Cloud Computing, Security
Download resources 2007-06-06
Use the revised OWASP Top Ten to secure your Web applications -- Part 6
Even better...... is to have the application pass the error to a system to notify development. Why have the user call the help desk and report an error code, when the application could log the error code and alert the help desk? Better logging, and better notifications, combined with better...
Tags: Help desk, Call centers, Justin James, Web application
Discussion threads 2007-05-11
Lock it down: Use the revised OWASP Top Ten to secure your Web applications -- Part 6
This article is also available as a TechRepublic download. How improper error handling contributes to data leakage: Improper error handling is caused by providing too much information to the user when an error occurs in an application or the underlying infrastructure. The following is a partial list of content that often...
Tags: Web Development, Software Development, Security, Application Development
Blog posts 2007-05-10
Use the revised OWASP Top Ten to secure your Web applications -- Part 6
Vulnerability six in the 2007 OWASP Top Ten is Information Leaking and Improper Error Handling. Typically caused by verbose errors, attackers exploit this weakness to obtain information about the target system's software and hardware architecture. In this, the sixth in a series on the revised OWASP Top Ten Web Application...
Tags: Web Application, Tom Olzak, Cloud Computing
Download resources 2007-05-10
Lock it down: Use the revised OWASP Top Ten to secure your Web applications -- Part 5
This article is also available as a TechRepublic download. The fundamental weakness that can potentially make insecure direct object reference an attractive attack vector is a failure to properly secure directories and folders on site servers. Also known as directory traversal, insecure direct object reference vulnerabilities are exploited by simply adjusting URLs provided when users visit...
Tags: Web applications, Security threats, Flaws
Technical articles 2007-04-18

