Blogs - HP Application Security Center Community

Blog posts

» Web Application Security - Creating Awareness

You can preach. You can threaten. You can send links to articles from the Wall Street Journal's front page. ... but until it happens to someone your company is in direct competition with, no one listens. Of course, the minute a data breach happens...

» Top Five Web Application Vulnerabilities 9/2/08 - 9/14/08

1) Joomla! Multiple Remote Vulnerabilities and Weaknesses Joomla! is susceptible to multiple remote vulnerabilities which are exploitable via a browser. Remote attackers can leverage these issues to conduct phishing attacks, redirect victims to attacker...

» Case Study: Right vs Right Now in a Big Company

As stated in a previous entry, I'm going to break down some of the [nameless] case-studies I've got in my notebook over the last several months. As a note, if you read one of these and think it's you... feel free to tell me if I've missed...

» Top Five Web Application Vulnerabilities 8/18/08 - 9/1/08

1) Novell Forum TCL Command Injection Vulnerability Novell Forum is susceptible to a command injection vulnerability. Remote attackers can exploit this vulnerability via URL modification to execute TCL commands, possibly leading to compromise of the application...

» Attention App Sec Professionals in Ottawa and Montreal, Canada!

... we've got a workshop coming to Ottawa and Montreal coming in September. You read it right... I'll be up in Ottawa, CA on Sept. 22nd, and Montreal, CA on Sept. 23rd giving 2 feature-packed workshops that you can't afford to miss if you...

» Obstacles to Building a Successful Security Program [part 1]

Since February, I've been traveling and meeting with IT Security leaders, CISOs, Program Managers and other folks in charge of application security for their business and a few themes have recurred. I'm fascinated by the differing scenarios and...

» Passive Scan Policy Available for Download via SmartUpdate

The HP Web Security Research Group has released a new policy geared towards "passive" scanning of an application. Passive scanning of an application means that no actual exploits will be attempted, making the assessment safe to perform against...

» Top Five Web Application Vulnerabilities 8/04/08 - 8/17/08

1) Alcatel-Lucent OmniSwitch Products HTTP Header Remote Buffer Overflow Vulnerability Alcatel-Lucent OmniSwitch products are susceptible to a remote buffer overflow vulnerability. An attacker can leverage this issue to execute arbitrary code within the...

» Top Five Web Application Vulnerabilities 7/21/08 - 8/03/08

1) Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability Sun Java System Web Server 7.0 plugin for Sun N1 Service Provisioning System (N1SPS) is susceptible to a remote authentication bypass vulnerability. An attacker...

» Building a Web Application Security Program Without a Budget

As promised, I'm writing up the first segment of implementing a web application security program without having to spend (or add spend to) your own budget. The current economic conditions are stifling technology investments and security programs...

» File Upload Vulnerabilities (it's your own fault)

Hi folks, I've been reading a lot on the c99madshell, and have come to a very simple conclusion. Scripts that take over your server and make it do inappropriate things can often be avoided by simply appropriately managing your file-upload capabilities...

» Top Five Web Application Vulnerabilities 7/7/08 - 7/20/08

1) Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability Microsoft Outlook Web Access (OWA) for Exchange Server is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute...

» St. Louis, MO - Web Application Security Workshop

7.17.08, 12:38am CDT... Airport delays are a horrible way to finish out a business trip... just puts such a bummer on everything. As you can tell if you're reading this, it's after midnight and I just got home and unwound. My flight was supposed...

» Security Program vs. Shrinking Budget - Part 1

Greetings readers, it's been a while since I wrote up an article - but I've been busy I assure you. I've been gathering up information for the series you're about to read over the coming weeks. As I travel and speak to large enterprises...

» Top Five Web Application Vulnerabilities 6/23/08 - 7/06/08

1) Novell Groupwise WebAccess Simple Interface Cross-Site Scripting Novell Groupwise WebAccess is susceptible to a Cross-Site Scripting vulnerability. An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in...