Browse by Tags - HP Application Security Center Community
Browse by Tags


» Static Code Analysis Failures

Static code analysis failures are costing enterprises money and reputation. White-box security testing is inherently a flawed proposition for many reasons - but it all comes down to a very simple concept: Machines do not execute source code, they execute machine code (compiled code). --Paul Anderson ...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 05-06-2008

» Security and Compliance - Strange Bedfellows Indeed

It's a classic problem of which came first... the chicken or the egg? Politics or corruption? Security or compliance? While I admit it's not such a strange thing to see the two groups working together these days... I would like to point out some of the issues that I've come across between...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 05-01-2008

» In "cyberspace"... no one can hear your database scream

It's 2:34am, local time. You're snoring up a storm after a hard day at the office. You've patched all your servers, your lockdown scripts have been verified, and your IDS is humming along perfectly. Oh, and by the way, someone named "R0kk1t" just stole your customer database. A...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 04-09-2008

» "Security Vulnerability" != "Defect" ; why?

It's one of those obvious things. A defect is a defect, right? Whether the airbag is faulty, or the gas cap doesn't hold pressure... a defect is a defect. The strange thing is - it hasn't been that way, and still isn't that way, in most of the IT shops I've been in. Why? The reason...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 04-01-2008

» Ajax Security more than Increased Attack Surface

I got an email from Christ1an the other day asking me what Ajax Security was all about. I was just going to send him the table of contents to the book, but I thought it might be educational to see how the components of Ajax security relate, and where they come from. In Jeremiah's fascinating Web...
Posted to The HP Security Laboratory (Weblog) by Billy on 11-07-2007

» The real reason for (JavaScript|JSON) Hijacking

When JSON hijacking was first discussed and demonstrated in 2006 and 2007 by Whitehat, Fortify and others, all of the proof of concepts used Mozilla specific JavaScript extensions like setter or __defineSetter__ . This led many people to believe that these vulnerabilities only existed in Mozilla-derived...
Posted to The HP Security Laboratory (Weblog) by Billy on 08-27-2007