security

Defensive Java Programming Notes (04 of 11) Napkin

Napkin - Encoding and Decoding Tool

Napkin is an encoding and decoding tool designed for quick manipulation of information when working on web applications. It is not overly robust for large amounts of data, but it comes in handy every so often.
  • Supports multiple common encoding formats
  • Hex representation of all data
  • Can display numerical conversions
  • Can encode and decode HTML and base 64 data
Homepage at: http://www.0x90.org/releases/napkin/index.php
Defensive Java Programming Notes (03 of 11) Think Evil

As a developer you need to wear an evil hat when you think about testing your applications.

Security failures are proliferating, and both the rate of breaches and the cost of breaches are going up alarmingly.

2005 - $138 million cost of breaches
2006 - $182 million cost of breaches
2007 - $197 million cost of breaches

Proliferation:

- TJX Corporation: 95 million credit card numbers stolen
- Ameritrade: 6.3 million customer records compromised
- Hannaford Bros: 4.2 million credit card numbers stolen
- Monster.com: 1.6 million customer records compromised

Defensive Java Programming Notes (02 of 11) Cross Site Scripting

Cross-site scripting (XSS) came to prominence with the Samy worm on MySpace. Before that, XSS was a known vulnerability class but was not really considered a big deal.

Using XSS an attacker can:

  • Hijack your account
  • Spread web worms
  • Access your browser history and clipboard contents
  • Remotely control your browser
  • Scan and exploit your intranet appliances and applications
  • Alter your router's DNS settings and control every webpage you visit thereafter
Defensive Java Programming Notes (01 of 11) Introduction

I am taking a course on Defensive Java Web Programming presented by Kevin Poniatowski from Security Innovation (http://www.securityinnovation.com), and there are a lot of cool things to think about and remember. So I am starting this thread to write notes, essentially to myself, but hey, why not share.

"Threat trend data shows that applications are more commonly attacked than the perimeter"
Depository Trust and Clearance Corporation

Minimizing the Attack Surface

Chris Eng has written two excellent articles on development considerations:

Password Notes

Computer security is, not surprisingly, greatly underestimated and widely misunderstood. Accessing a computer normally requires two items: a login name or ID (identification) and a password. The combination of those two items constitutes a key. Like putting a good strong deadbolt on a house, or locking the doors of a car, the login ID and password lock a computer.
