Month: June 2011

Data Encryption Following Recent Security Breaches

Following the numerous recent security breaches in the news, many organizations are considering the need to encrypt their enterprise data, especially sensitive data that contains personally identifiable information (Social Security Numbers are a good example) and financial information such as credit card numbers. With Oracle, we suggest Oracle Encryption using the Oracle Advanced Security Option. The ASO Option is a straight forward, no-code solution for data encryption to protect data throughout its life cycle. Implementing ASO is fairly easy, and […]

The Importance of Web Application Security

Just about every enterprise today has one or more web applications that facilitate doing business with the public. Informational web sites are just that – they provide useful information to people who want it, by putting it on the internet. Web applications, however, offer interaction with customers – a banking website, for example, lets customers access their accounts and do things such as pay bills, move money around different accounts, and so on. While you may fortify your network with […]

Looks like Gambling is coming to DC!

The District of Columbia has legalized Internet Gambling – with the government expecting to make an estimated $14 million in tax revenue in the first four years. Patrick Thibodeau of ComputerWorld examined how officials will be able to determine if the gambling is being done within DC and asked our very own Sam Alapati for his take: Sam Alapati, senior technical director of Miro Consulting, believes legalized Internet gambling is “a far superior alternative” to offshore gambling, and there is […]

OWASP Tot Ten Web Application Vulnerabilities #6: Security Misconfiguration

Security misconfigurations of key application stack components such as the operating system, the web server and the application server are all potential gateways to attacks. Unfortunately for us, most security configuration vulnerabilities are not rocket science — they’re out there for everybody to learn and use (or misuse) them. Security Misconfiguration is also a way for privileged insiders to hide their malicious activity against their firm’s systems. Usually a security misconfiguration will compromise just some part of the system, but […]

OWASP Top Ten Web Application Vulnerabilities #3: Insecure Direct Object References

Insecure Direct Object References seems a pretty unwieldy term, but the way it compromises a web application is pretty straightforward. The attacker is usually an authorized system user, who simply modifies a parameter value that directly refers to a system object so it refers to another system object for which the attacker has no authorization. Potentially, an attack using this technique can compromise all data that the new parameter can reference. The root of this type of web application vulnerability […]

In Archive