Application Security

A trail of 3 pages, marked with comments, by OneStopAppSecurity
About this trail:

This is an excellent article discussing the difficulties of writing secure application software. It details many of the common flaws and recommends a "mindset" that your entire team, especially your developers, should follow.

3 marks in this trail
1

This section provides an excellent overview of the mindset developers must have. It can be summed up by quoting The X-Files: "However paranoid you are, it is not enough." While there are many rules to follow, in general, developers must always be in a state of frenzied paranoia about a successful attack against their application.

2

Another excellent article from TechnicalInfo.net describing the difference between security audits and assessments, as well as how to choose a partner to aid in the assessment.

3

An important distinction between Simple DoS attacks and Distributed DoS attacks is omitted here. A Simple DoS attack, while not clearly defined, generally refers to an attack where the attacker has significantly less hardware at their disposal than the attacked application. A Distributed DoS is the opposite, i.e. an attack where the attacker has comparable or even more hardware than the attacked site.

The distinction is important because Distributed DoS attacks are virtually impossible to defend against. One of the bigger botnets can take out just about any application or site. On the other hand, if your application or site can be taken out by a geek in his basement with a few computers, then you have Simple DoS vulnerabilities that need fixing.
