Old Security Measures No Longer Make the Cut.
Ok so I’m old.
I can tell not by my driver's license, but because I remember the days when 128 MB of RAM on a 90 MHz processor made a pretty powerful server. Granted, the client computers were 486 DX 33 MHz machines running DOS 6.22 with a Novell 4.11 client and 10 Mb network cards. The big threat then was the insidious boot sector virus. All the data for the development environment fit nicely into 9 GB of drive space. That was cool stuff for someone who started out writing COBOL on punch cards, running jobs on what was, by comparison, basically a steam-powered computer.
Each year the technology leaped forward to the point that it is only through reflection that I can recognize how much things have changed. I can’t put my finger on when it all changed so dramatically. This is very similar to adopting a puppy. Out of the blue, you realize the dog is huge! When did that happen?
Are you helping or hurting your website?
I continue to notice "security certified" images that state that a site has been tested to ensure that the website is secure from hackers.
This bothers me for several reasons:
- These "security certified" images only pertain to a specific type of security.
- These images create a false sense of security, literally, for both the customer and the website owner.
- It seems to me that if you put something like this on your website, you are challenging the hackers to try to hack your site.
Specific vendor companies have created these icons to show or prove that the website has been tested for security. This is supposed to make a website's owners and/or the website's customers feel safe against a security breach.
But is it the wisest course of action to place an image with words such as 'hacker proof' on any website?
Common Vulnerabilities
As a means to promote Web Application Security, I am posting common Web Application Vulnerabilities. This list comes from a combination of sources: my own personal experience, OWASP, WASC, and IBM Watchfire.
Please check back periodically, as I will continue to post more information on common vulnerabilities.
Web Application Myths
Too many people assume that they do not have web application vulnerabilities. I’m not sure why, because statistic after statistic shows that this is where the overwhelming majority of vulnerabilities occur. Perhaps they think they are covered by the measures they’ve already taken. Perhaps they think it won’t happen to them, that they don’t handle "sensitive" data in their applications. Perhaps they have more immediate problems to resolve.
There seem to be recurring myths that people have surrounding web application security that I would like to dispel.
2008-09-16 15:30:48