SQL Block

Daily Reads: 3 | 22.08.2006

SQLBlock tries a different approach to blocking SQL injection attacks: putting a control layer between the application and the database. While the idea is quite good, we all know these kinds of protections are never better than secure coding practices, but it's always welcome for defense in depth. Check out the demo and research paper, which give more information about SQLBlock. ...

CLASP, Comprehensive Lightweight Application Security Process

Daily Reads: 2 | 22.08.2006

While I was returning from a small business trip I decided to read CLASP (Comprehensive Lightweight Application Security Process). I fired it up on my notebook and was really impressed, but I think it still needs to improve lots of sections. For example, "Vulnerability View - Range & Type Errors" doesn't include lots of web application vulnerabilities like CSRF (Cross Site Request Forgery) and many others, the checklists are really limited, etc. CLASP describes best practices for security processes for active applications or new ones. You should definitely check it out. You can download CLASP from......
Ferruh Mavituna
© 2002-2007, Ferruh Mavituna
