Software Security

Archive for the 'Web Application Security' Category

ExpressJS: Preventing common vulnerabilities in the MEAN stack

Before jumping into the Express framework, get up to speed with Part 1 of this series, which explores MongoDB. Stack precedence (ExpressJS): The Express framework allows developers to easily add multiple middleware plugins globally to all routes via app.use(). However, middleware order is important because it will only be applied to routes defined further down the […]

Posted in Open Source Security, Web Application Security

MongoDB: Preventing common vulnerabilities in the MEAN stack

MEAN stack applications (MongoDB, ExpressJS, AngularJS, and NodeJS) are becoming increasingly popular as lightweight, easily deployable frameworks due to a vast ecosystem of middleware plugins and dependencies. But just how secure are these technologies? Let’s examine some common vulnerabilities that are introduced either by using these components in their default configurations or due to common […]

Posted in Open Source Security, Web Application Security

What are the attributes of secure web application architecture?

Web application architecture typically covers the basic rendering and return of information to a client, usually on a web browser. Behind the scenes, a web application will draw upon many distinct layers. These may include servers used for presentation, business, and data. There are different architectures consisting of different layering strategies depending upon the need. […]

Posted in Security Architecture, Software Architecture and Design, Web Application Security

Forging a SHA-1 MAC using a length-extension attack in Python

SHA-1 (Secure Hash Algorithm 1) is broken. It has been since 2005. And yet, that hasn’t stopped its continued use. For example, until early 2017 most internet browsers still supported SHA-1. As though to confirm that SHA-1 was really, truly dead, researchers from CWI Amsterdam and Google announced at the end of February 2017 they […]

Posted in Application Security, Vulnerability Assessment, Web Application Security

New Apache Struts 2 zero-day vulnerability: What you need to know

It has been more than 48 hours since this attack was made public. At this time, hackers are actively exploiting the critical vulnerability and are able to take complete control of web servers. Several sources have been discussing details for exploiting this vulnerability. Rather than focusing on how to exploit it here, we will ensure that you are […]

Posted in Application Security, Open Source Security, Vulnerability Assessment, Web Application Security

Bug elimination: Code scanning, fuzzing, and composition analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds a PhD from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, BlackHat, ToorCon, GrrCon, […]

Posted in Application Security, Code Review, Fuzz Testing, Software Composition Analysis, Software Security Testing, Static Analysis (SAST), Web Application Security

Hands-on strategies to counter common web application attacks

We’re excited to announce a new addition to our eLearning library: Attack & Defense. What’s this course all about? Web applications are becoming an increasingly high-value target for hackers looking to make a quick buck, damage reputations, or just boost their “street cred.” There is no shortage of publicly known attack tools and techniques, and software developers are outnumbered at the […]

Posted in Security Training, Web Application Security

Mark your calendar: RSA USA 2017 is almost here

RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]

Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security

The pursuit of hapi-ness: 5 must-have hapi security plugins

hapi is best known for being a scalable, community-centric framework, but it’s clear that security is also a priority for the team behind it. hapi makes it easy for developers to validate configurations quickly and without having to perform (many) workarounds, making for a clean, secure code base. hapi relies on community-approved plugins to help […]

Posted in Vulnerability Assessment, Web Application Security

The complete security vulnerability assessment checklist

A vulnerability assessment is the process that identifies and assigns severity levels to security vulnerabilities in Web applications that a malicious actor can potentially exploit. The assessment is conducted manually and augmented by commercial or open source scanning tools to guarantee maximum coverage. This essential checklist is your playbook when it comes to comprehensively testing a Web […]

Posted in Vulnerability Assessment, Web Application Security