How To Find Vulnerabilities in ASP.NET Source Code

This section describes methods of handling user-supplied input, ways of interacting with the user’s session, and potentially dangerous APIs in the ASP.NET platform. Identifying User-Supplied Data ASP.NET applications acquire user-submitted input via the System.Web.HttpRequest class. This class contains various properties and methods that web applications can use to access user-supplied data. There are various API Read More …

How To Prevent Information Leakage In Web Application

Although it may not be feasible or desirable to prevent the disclosure of absolutely any information that an attacker may find useful, various relatively straightforward measures can be taken to reduce information leakage to a minimum and to withhold the most sensitive data that can critically undermine an application’s security if disclosed to an attacker. Read More …

Securing Access Controls In Web application

Access controls are one of the easiest areas of web application security to understand, although you must carefully apply a well-informed, thorough methodology when implementing them. First, you should avoid several obvious pitfalls. These usually arise from ignorance about the essential requirements of effective access control or flawed assumptions about the kinds of requests that Read More …

How To Find Vulnerabilities in Java Platform Source Code

This section describes ways to acquire user-supplied input, ways to interact with the user’s session, potentially dangerous APIs, and security-relevant configuration options on the Java platform. Identifying User-Supplied Data Java applications acquire user-submitted input via the javax.servlet.http.HttpServletRequest interface, which extends the javax.servlet.ServletRequest interface. These two interfaces contain numerous APIs that web applications can use to Read More …
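Both the ASP.NET and the Java code-review teasers above begin with the same step: enumerating the request APIs through which user-controlled data enters the application, so that every later sink can be traced back to a source. The scanner below is an added example, not code from either article: it flags members of System.Web.HttpRequest and methods of javax.servlet.http.HttpServletRequest / javax.servlet.ServletRequest in source text. The member lists (drawn from those real classes), the comment-skipping heuristic and the sample C# and Java snippets are constructed for this illustration.

```python
"""Locate user-controlled input entry points in ASP.NET and Java servlet source.

Added example, not code from the original articles. It is a grep-style
taint-source finder: it reports each line that reads request data through
System.Web.HttpRequest (ASP.NET) or HttpServletRequest/ServletRequest (Java).
The sample sources at the bottom are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import List

# System.Web.HttpRequest members that carry client-controlled data, plus the
# Request["name"] indexer, which searches QueryString, Form, Cookies and
# ServerVariables in turn. Session state is deliberately not in this list.
ASPNET_SOURCE = re.compile(
    r"\bRequest\s*(?:\.(QueryString|Form|Cookies|Headers|ServerVariables|Params|"
    r"Files|InputStream|Url|RawUrl|UrlReferrer|UserAgent|Path|PathInfo|HttpMethod|"
    r"Item)\b|\[)"
)

# HttpServletRequest / ServletRequest methods returning client-controlled data.
# Any receiver identifier is accepted (heuristic: a call on HttpServletResponse
# .getHeader would also match, so review the output rather than trusting it).
JAVA_SOURCE = re.compile(
    r"\b\w+\.(getParameter|getParameterValues|getParameterMap|getParameterNames|"
    r"getQueryString|getHeader|getHeaders|getHeaderNames|getCookies|getRequestURI|"
    r"getRequestURL|getPathInfo|getInputStream|getReader|getRequestedSessionId)\s*\("
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    platform: str   # "aspnet" or "java"
    api: str        # the input-reading API that was matched
    text: str       # the offending source line, stripped


def find_input_sources(source: str) -> List[Finding]:
    """Return one Finding per input-reading API call, in source order."""
    findings: List[Finding] = []
    for n, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        # Heuristic: skip whole-line comments in both languages.
        if stripped.startswith("//") or stripped.startswith("*"):
            continue
        for m in ASPNET_SOURCE.finditer(line):
            api = f"Request.{m.group(1)}" if m.group(1) else "Request[]"
            findings.append(Finding(n, "aspnet", api, stripped))
        for m in JAVA_SOURCE.finditer(line):
            findings.append(Finding(n, "java", f"{m.group(1)}()", stripped))
    return findings


# Constructed C# sample: six request reads, one session read, one comment.
ASPNET_SAMPLE = """\
string user = Request.QueryString["user"];
string name = Request.Form["name"];
string tok = Request["token"];
string ua = Request.UserAgent;
var cart = Session["cart"];
string host = Request.Url.Host;
HttpCookie c = Request.Cookies["auth"];
// Request.Headers["X-Forwarded-For"] mentioned only in a comment
"""

# Constructed Java sample: five request reads, a session and an attribute read.
JAVA_SAMPLE = """\
String id = request.getParameter("id");
String[] tags = req.getParameterValues("tag");
String ref = request.getHeader("Referer");
Cookie[] cookies = request.getCookies();
HttpSession s = request.getSession(true);
Object role = request.getAttribute("role");
BufferedReader body = request.getReader();
"""

if __name__ == "__main__":
    for sample in (ASPNET_SAMPLE, JAVA_SAMPLE):
        for f in find_input_sources(sample):
            print(f"{f.platform:6} line {f.line_no:2}  {f.api:24} {f.text}")
```

Running the block prints the eleven source lines from the two samples; the session and attribute reads are not flagged, because they are set by the server, not the client. In a real review the output is the starting list of taint sources to follow into validation, encoding and persistence code.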

Securing Wireless Access Points / Routers

Wi-Fi devices, well known for their portability, flexibility and productivity gains, are based on the IEEE 802.11 standard. IEEE 802.11 WLAN, or Wi-Fi, is the most widely adopted broadband wireless networking technology and offers the highest transmission rates among wireless networking technologies. Threats to Wi-Fi Implementations Since radio waves penetrate walls, there is Read More …

Mobile Device Security Guidelines

Mobile Threats and Attacks
• Mobile devices make attractive targets:
– People store much personal info on them: email, calendars, contacts, pictures, etc.
– Sensitive organizational info too…
– Can fit in pockets, easily lost/stolen
– Built-in billing system: SMS/MMS (mobile operator), in-app purchases (credit card), etc.
– Many new devices have near field communications Read More …

Secure Coding Guidelines For Android Developer

Android has built-in security features that significantly reduce the frequency and impact of application security issues, but developers still have to follow secure coding practices to build a secure app. Android developers should follow these secure coding guidelines: Do not store sensitive information on external storage (SD card) in plain text Android provides several options to Read More …

Apache Tomcat Hardening & Security Guidelines

Hackerbulletin has collected the most relevant settings into this checklist. Many more controls can be applied; this document is intended as a guideline of hardening measures. Least Privilege for the Tomcat Service Run the Tomcat application server with low privileges on the system. Create a dedicated service user for Read More …