Software Security

Archive for the 'Web Application Security' Category

7-year-old SAMBA flaw prompts new concerns (and patches)

With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:

- Are running SAMBA 3.5.0 or later
- Provide file- and printer-sharing on port 445
- Are addressable from the internet
- Contain shared files
- Include write privileges
- Involve guessable […]

Posted in Vulnerability Assessment, Web Application Security

Why should every eCommerce website have an SSL certificate?

In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers. […]

Posted in Application Security, Vulnerability Assessment, Web Application Security

NodeJS: Preventing common vulnerabilities in the MEAN stack

Before jumping into the final post within our discussion on vulnerabilities in the MEAN stack, look back at the other four posts within this series discussing MongoDB, ExpressJS (Core), ExpressJS (Sessions and CSRF), and AngularJS.

Development mode (NodeJS/ExpressJS)

By default, Express applications run in development mode unless the NODE_ENV environment variable is set to another value. In development mode, Express […]

Posted in Open Source Security, Vulnerability Assessment, Web Application Security

AngularJS: Preventing common vulnerabilities in the MEAN stack

Before jumping into the latest post within our discussion on vulnerabilities in the MEAN stack, look back at the first three posts discussing MongoDB, ExpressJS (Core), and ExpressJS (Sessions and CSRF).

AngularJS disabled SCE service

Angular 1.2 and greater include the built-in Strict Contextual Escaping service ($sce) by default. This service strips malicious HTML tags (e.g., <script>, etc.), attributes (e.g., […]

Posted in Vulnerability Assessment, Web Application Security

Synopsys launches the Fault Injection Podcast

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. Hosts Chris Clark, Principal Security Engineer at Synopsys, and Robert Vamosi, CISSP and Security Strategist at Synopsys, provide a forum for industry experts to talk about software security topics and their intersection with specific verticals such as medical, automotive, and […]

Posted in Application Security, Ethical Hacking, Network Security, Software Security Testing, Web Application Security

ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 2)

Before diving into the latest post within our discussion on vulnerabilities in the MEAN stack, look back at the first two posts discussing MongoDB and ExpressJS (Part 1).

Client-side session storage (ExpressJS)

With MEAN stack applications, it is fairly common to store the session state client-side in either a JSON Web Token (JWT) or custom cookie object […]

Posted in Open Source Security, Web Application Security

Is a career in application security consulting right for you?

In January 2016, Forbes announced that there were one million job openings in cyber security. The shortage of talent has continued to mount while demand is expected to increase to six million globally by 2019. You may be intrigued by the idea of security consulting but aren’t sure how to transition or break through. If […]

Posted in Application Security, Mobile Application Security, Web Application Security

ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1)

Before jumping into the Express framework, get up to speed with Part 1 of this series, which explores MongoDB.

Stack precedence (ExpressJS)

The Express framework allows developers to easily add multiple middleware plugins globally to all routes via app.use(). However, middleware order is important because it will only be applied to routes defined further down the […]

Posted in Open Source Security, Web Application Security

MongoDB: Preventing common vulnerabilities in the MEAN stack

MEAN stack applications (MongoDB, ExpressJS, AngularJS, and NodeJS) are becoming increasingly popular as lightweight, easily deployable frameworks due to a vast ecosystem of middleware plugins and dependencies. But just how secure are these technologies? Let’s examine some common vulnerabilities that are introduced either by using these components in their default configurations or due to common […]

Posted in Open Source Security, Web Application Security

What are the attributes of secure web application architecture?

Web application architecture typically covers the basic rendering and return of information to a client, usually on a web browser. Behind the scenes, a web application will draw upon many distinct layers. These may include servers used for presentation, business, and data. There are different architectures consisting of different layering strategies depending upon the need. […]

Posted in Security Architecture, Software Architecture and Design, Web Application Security