NIST Releases Cloud Computing “Security Reference Architecture” (SP 500-299) for Public Comment
The National Institute of Standards and Technology (“NIST”) loves its “Special Publications” the way IRS agents love new tax forms....
Tags: cloud, security
Your login form posts to HTTPS, but you blew it when you loaded it over HTTP
Loading login forms over HTTP renders any downstream transport layer security almost entirely useless. Load the login form over HTTPS,...
Tags: security
Secure Web Application in Java EE6 using LDAP
Step by Step Tutorial on how to apply Java EE6 security to a sample web application using LDAP server for authentication. Form based...
Tags: java, research, security
Advancing Network and Security Performance
While server virtualization has actually been available for more than a decade, many IT professionals still refer to it as a relatively...
Tags: cloud, security, server, standards
Joomla Tutorial - Build a Custom Authentication Component
Short tutorial that shows how to create an API for authenticating anyone via a query string. This will allow an external program -- e.g....
Tags: how-to, php, security
Guess what? Your cloud vendor's data center is more secure than yours
There is a persistent myth that your data center is more secure than your cloud vendor's, and I hate to burst your bubble, but chances...
Tags: cloud, security
Analyze java source with “Yasca” and detecting security vulnerabilities
Tags: java, open source, security, windows
How Important is Requirements Traceability? Just Ask the CBOE
When the Chicago Board Options Exchange trading system was knocked out a few weeks ago, investors and customers wanted answers, and they...
Tags: methodology, news, security, standards
Your DNS Server Is Helping DDoS Attacks
Running a public DNS server also comes with added responsibilities. Among them is a growing problem of being both a DDoS target and...
Tags: security
A Deep Dive Into Mobile Malware
Emil Ong works as an engineer for the security team at Lookout and provides firsthand information on mobile malware and ways to protect...
Tags: mobile, security
Keccak: The New SHA-3 Encryption Standard
After years of testing and analysis, the U.S. government selected the Keccak algorithm to be the new SHA-3 encryption standard. Here is...
Tags: other languages, reviews, security
What I Was Thinking... During Our Last Outage (by the CIO of the US Tennis Association)
Major outages are to CIO tenure what kryptonite is to Superman. This was especially true during our last outage, which happened during my...
Tags: opinion, security
Using Grep to Find Security Vulnerabilities in PHP code
Finding all security vulnerabilities in a piece of code may be hard as it requires in depth analysis of what the code does. However,...
Tags: open source, php, security, tools
Javascript Implementation of SHA256 Hashing
While SHA256 hashing is normally done server side, it is easily possible to create SHA256 digests client side using JavaScript.
Tags: javascript, security, server
Preventing CSRF Hacks in ASP.NET WebAPI
Use ASP.NET MVC's AntiResourceForgery token mechanism and extend it to Web API via a delegating handler to prevent CSRF attacks
Tags: .net, how-to, microsoft, security
Infographic: The Paradox of Too Many Passwords
Employees have to deal with too many passwords and it's gotten so bad that in the name of making your systems secure, you may be less...
Tags: security
5 Myths of Password Security
High profile database breaches aren’t a daily thing just yet, but they’re certainly not rare. Linode’s recent system-wide password reset...
Tags: research, security, web design, web services
Spring Security Login
Spring Security Login - focus on the Login Form and the Security Configuration
Tags: how-to, java, security
Defensive Coding With APIs
When it comes to integrating with, and depending on, third-party APIs in your business solution, you had better think twice of the...
Tags: methodology, security, standards, web 2.0
Secure Development Lifecycles Edging Further Into the Market
Secure development lifecycles sound good: processes to ensure that developers create software more securely from the start. But doing so...
Tags: security
Authentication with Windows Azure Mobile Services on Windows Phone
Despite its fairly simple wrapper, Azure Mobile Services can be used for standard in-app authentication. In this article I am going over...
Tags: how-to, microsoft, security, tools
5 Links for Developers and IT Pros 4-26-13
This week we look at how to build apps your users will hate, 10 security holes that would make Murphy proud, and that you might have...
Tags: mobile, security, trends
ASP.NET Web API Security: The Thinktecture.IdentityModel AuthenticationHandler
AuthenticationHandler is an ASP.NET Web API message handler that can map incoming credentials to a token handler. The token handler in...
Tags: .net, frameworks, security, web services
10 Non-Computer Network Security Dangers
Nearly anything with a CPU in it is a potential hazard. Sure, we go to great lengths and firewalls and build in intrusion detection...
Tags: security
Java users beware: Exploit circulating for just-patched critical flaw
If you haven't installed last week's patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a...
Tags: java, security