Secure Coding: Misuse of Security Concepts
In a previous post, we discussed why bugs are so frequent and persistent when it comes to application security. One of the reasons mentioned was misuse of security concepts in...
View
Understanding Application Security and APIs
Application security as a whole requires an overarching view of all your products and how their vulnerabilities might be made worse or better in relation to each other. However, an...
View
UNIX and Stack Smashing
Let us look into what buffer overflow vulnerabilities are, what aspects of UNIX system design allows their (popular and continued) exploitation and what precautions can be taken to patch them....
View
A brief look into securing calls to Software Libraries and frameworks
One of the most common uses of APIs is integrating libraries and frameworks that has a required behavior to a new software in order to cut down on the development...
View
Reflected Cross Site Scripting and Subsequent Session Hijacking
Cross Site Scripting attacks and session hijacking are two very common attacks that plague many web applications. From these attacks, cross site scripting can be sufficiently mitigated using proper user...
View
POSIX capabilities, Yay or Nay?
Certain programs in Linux environments are required to run with a higher level of privilege than allowed to the normal user. This is supported through the “setuid(0)” function, where the...
View
A glimpse into Shellshock
Shellshock is a family of exploits which lets attackers execute arbitrary code through Unix Bash Shells.
View
Denial of Service - Then and Now
Perhaps the simplest way to understand Denial of Service would be the Ping of Death attack. Following that, we shall discuss how contemporary attacks exist which resemble Ping of death,...
View
SSL Attacks and Countermeasures
Let us discuss several attacks that are conducted on Secure Socket Layer, what vulnerabilities they exploit, how the attacks are conducted, and what countermeasures can be applied to mitigate them....
View
The Requirement for Application Security in web-based applications
Looking at the threat landscape of modern web applications it is clear that perimeter security measures such as Firewalls are not sufficient. While this does not imply that the perimeter...
View
The relationship between project planning and scheduling and the success of software development projects
Determining the success of a software project is mentioned to be problematic in literature due to different parameters considered by different stakeholders (Ghazi, et al., 2014; Patanakul, et al., 2010;...
View