All Blog Posts Tagged 'Application' (21)

Top 5 Technologies To Protect Against Zero Day Malware

Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse and the attackers are highly sophisticated and relentless in their approach. Traditional security tools are proving to be ineffective against such attacks, as evidenced by the ubiquitous stories of successful breaches. In this time, it is considered that the more security tools you have, the more secure you are, which is…

Added by Atul kumar Singh (CISO Platform) on August 22, 2016 at 10:15am — No Comments

SAP Security for CISO’s. Part two: Beginner’s introduction to SAP

This time we will speak about SAP in particular. So, what is SAP? First of all, SAP is a German company that develops and sells business software. SAP is famous for its ERP system - the most widespread business application. However, SAP provides much more than just an ERP. In 2005, it introduced its SAP Business Suite – a number of integrated business applications such as ERP, CRM, PLM, SCM, and SRM. These business applications consist of different components. For example, ERP includes…

Added by Alexander Polyakov on February 15, 2016 at 1:30am — No Comments

SAP Afaria Stored XSS vulnerability - detailed review

Today we will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways.

In a nutshell, MDM is a set of services that help an administrator of a large company to control the mobile devices (smartphones, tablets, phablets and so on and so forth) of employees, thus establishing the security measures of corporate data stored and processed on those devices. A special application called MDM client is installed on…

Added by Alexander Polyakov on November 25, 2015 at 8:32pm — No Comments

Securing SAP Systems from XSS vulnerabilities Part 3: Defense for SAP NetWeaver J2EE

From the developer’s perspective

For AS Java, the encoding is available as tc_sec_csi.jar. There is a static class and an interface which provide the encodings for HTML/XML, JavaScript, CSS and URL. The methods of the public class StringUtils (com.sap.security.core.server.csi.util.StringUtils) can also be used:

  • escapeScriptEndTag(String pStr) - Prepare a string to be used for a javascript…

Added by Alexander Polyakov on August 25, 2015 at 5:47pm — No Comments

Oracle Security: Researchers' response to the post by Oracle CSO Mary Ann Davidson

Hello, dear readers! Today I would like to talk about Oracle Security.

On August 11, Mary Ann, Oracle's CSO, published an incredibly shocking post about security researchers which was promptly deleted (either by herself or somebody else). The post was discussed by multiple resources such as…

Added by Alexander Polyakov on August 24, 2015 at 6:38pm — No Comments

SAP Passwords part 2: SAP HANA Secure Storage. How it works

In our previous article we’ve already covered how SAP ABAP Security Storage works. Today’s post is dedicated to SAP HANA Security Storage.

SAP HANA is a recent key product of SAP. It is a software solution based on in-memory technology that reduces data processing time significantly.

This product has obviously caused excitement among large enterprises interested in…

Added by Alexander Polyakov on June 24, 2015 at 4:00pm — No Comments

Securing SAP Systems from XSS vulnerabilities Part 1: Introduction

With this article we are starting a new series of posts reviewing one of the most frequent vulnerabilities, which affects a lot of SAP modules: cross-site scripting, or XSS. XSS is by far one of the most popular vulnerabilities in all products and the most popular vulnerability in SAP products, with a total of 628 vulnerabilities, which is almost 22% of all vulnerabilities ever found in SAP during 12 years. You can find this in our latest research…

Added by Alexander Polyakov on June 17, 2015 at 3:45pm — No Comments

Bypass Firewalls, Application White Lists, Secure Remote Desktops in 20sec

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 3:30am — No Comments

Instrumenting Point-of-Sale Malware

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 3:00am — No Comments

Client Side HTTP Cookie Security

Added by CISO Platform on August 14, 2014 at 2:40am — No Comments

A Journey to Protect Points of Sale

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 2:30am — No Comments

A Tour through the Dark Side of the Internet

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 2:30am — No Comments

Attacking the Traveling Salesman

Added by CISO Platform on August 14, 2014 at 2:20am — No Comments

Checklist to Evaluate A Cloud Based WAF Vendor

These days web applications are under siege. Commercially motivated hackers, bots, and fraudsters are attacking around the clock, attempting to steal data, disrupt access, and commit fraud, which today’s next-generation firewalls, IPS and other network security products are unable to safeguard against. So in order to prevent…

Added by pritha on July 4, 2014 at 1:00am — No Comments

Checklist for PCI DSS Implementation & Certification

PCI DSS – Stringent but Exhilarating to Implement (Project PCI DSS Implementation & Certification)

PCI DSS, which stands for Payment Card Industry Data Security Standard, is a robust, comprehensive, technology-driven, transparent, explicit standard to enhance security controls around payment card and related account data by ensuring the safe handling of card…

Added by pritha on June 24, 2014 at 8:00pm — No Comments

Security Technology Implementation Report: Annual CISO Survey

We are happy to announce the results of the annual survey of Security Implementation Status and Industry Benchmarking (CPSMM), in which 331 companies have participated. The data has been collected through the survey conducted online as well as during Top 100 CISO Awards. We have planned a series of interesting information which shall provide…

Added by pritha on January 31, 2014 at 1:00am — 3 Comments

Database Security Vendor Evaluation Guide



Requirement for solutions related to Database security

A CISO should define the requirement for solutions related to database security by first understanding the business and threat environment and deciding on the most applicable threats and security parameters, while balancing application performance and security.


Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments

My Key Learning While Implementing Database Security



Top steps during the implementation of a project related to Database Security



1. As application developers or the persons implementing the applications most of the time also work as database administrators, it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most occasions to have better control on database management and…

Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments

Why AppSec (Application Security) won't always bail you out of application based risks?

It is very typical of organizations to perform Web Application (WebApp) Security Assessments before the go-live of newer applications or periodic assessments of their existing applications. And these assessments are known by all sorts of aliases like Application Penetration Testing (App PenTest), Ethical Application Hacking etc. For those companies lacking the internal core…

Added by Dhananjay Rokde on June 27, 2013 at 11:00am — No Comments

Top 5 Application Security Technology Trends

 

1. Run Time Application Security Protection (RASP)

Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for a lot of these security features to be built into the application so that it can protect itself during run time.

RASP is an integral part of an application run time environment and can be implemented as an extension…

Added by bikash on May 14, 2013 at 6:30pm — No Comments
