Tired of constantly logging into your applications? Don't you wish they would just remember you each time you visit, logging you right in? It isn't as always easy to achieve such a status. There are multiple ways remember me can be implemented. Lets take a look at some of them. Remember UserName One of the most common ways for a site to implement the remember me functionality is to remember the username only. The username is typically stored in a cookie on the client's computer. … [Read more...] about Remember Me Features
awareness
When One Testing Solution Isn’t Enough
Go to any conference, attend some webinars, or just do a search for application security testing solutions and you can quickly see the sheer number of solutions out there. As in every situation, there are some that are great and some that are not so great. With such great marketing, it is often very difficult to determine what is the best solution. All too often people are looking for that silver bullet. That one testing tool or pen testing company that will find everything. Unfortunately, … [Read more...] about When One Testing Solution Isn’t Enough
The FTC’s “Start with Security: A Guide for Business” Document
The FTC recently released a document to help companies learn from others' security mistakes. The document titled Start with Security: A Guide for Business. It provides ten (10) different security lessons learned by other companies, included below: Start with security. Control access to data sensibly. Require secure passwords and authentication. Store sensitive personal information securely and protect it during transmission. Segment your network and monitor who's trying to get in and … [Read more...] about The FTC’s “Start with Security: A Guide for Business” Document
Tips for Protecting Credit Card Information
Turn on the news and you will see a breach announced for some company. It is happening all the time. In most cases we, as consumers, accept the risk for the convenience of using a credit card for purchases. While there isn't much you can do to protect your information once you have given it to a business, there are some things you can do to help reduce your risk while shopping online. Scan for Malware Most of our online purchases happen from our own computer indicating that this is where we … [Read more...] about Tips for Protecting Credit Card Information
Best Practices for Cyber Incident: DoJ Released Guide
Breaches and other security incidents are happening all of the time, and can happen to anyone. Do you know what to do if an incident occurs in your backyard? The Department of Justice recently released the Best Practices for Victim Response and Reporting of Cyber Incidents to help you understand the process. Looking through the 15 page document, there are quite a few great points that are made. Here are just a few examples of what are included. I encourage you to check out the entire … [Read more...] about Best Practices for Cyber Incident: DoJ Released Guide
Is HTTP being left behind for HTTPS?
A few years ago, a FireFox plugin was created called FireSheep. This tool was designed to sniff network traffic looking for common websites that were being visited over HTTP. HTTP sends the traffic between your system and the server in clear text. If it found a request/response of an authenticated user, it would capture the session cookie and allow the user of FireSheep to hijack the current session. While the site most likely performed the initial authentication with the … [Read more...] about Is HTTP being left behind for HTTPS?