Palisade Magazine

 
Securely Webifying Applications

October 2006

Securely Webifying Applications

by Roshen Chandran, CISSP

We see a recurring pattern of security errors when organizations migrate their legacy applications to the web. This Executive Briefing documents the most common security mistakes we have seen in the last 5 years.

Anti-phishing - Incident Response

by Jose Varghese, CISSP, GSEC, GCIH, CBCP, BS7799 LA

As we saw in the first two parts of the series, there are several ways of preventing and detecting a phishing attack. Even if we take all necessary precautions, a successful phishing attack could still happen, and we need to be prepared to respond to it. In this article we explore some of the incident response steps we can take to limit the damage.

5 Tips for Securing Software as a Service

by Roshen Chandran, CISSP

Field notes on how best to secure “Software as a Service” (SaaS). We ran into 12 SaaS apps last quarter - we were asked to test them. Here are our field notes from those assignments, our favorite security tips to SaaS developers:

Quiz: Identifying HTTP Request Smuggling attacks

HTTP requests pass through various intermediaries such as a cache, proxy or firewall before reaching the web server. An attacker sends multiple specially crafted HTTP requests that cause the intermediate entities between the attacker's browser and the web server to see different sets of requests. What type of attack is this?

  1. Cross Site Tracing attack
  2. HTTP Request Smuggling attack
  3. Cross site Request forging attack
  4. SQL Injection attack


News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award