Web sites today face many threats to the confidentiality and integrity of the data used and the functionality provided by the application. This problem is compounded by the fact that Web developers often lack either adequate knowledge and skills in writing secure Web application code (Huang et al., 2005) or sufficient testing methodologies for the audit and control of Web development (Mansouir and Houri, 2006). Work on the design and implementation of security measures for Web applications is greatly needed.
The most striking technology application in this century is the impact of the web on human life. The current period has witnessed greatly increased use of the web, and Web 2.0 has made cyberspace the global information space. Web 2.0 is a collection of technologies and services that allow increased user-creator interaction, content syndication, and advancements in web-based user interfaces, which ultimately lead to the creation of an entirely new application platform.
The definition of Web 2.0 is still being debated despite extensive discussion. Its staunchest advocates proclaim it a complete philosophical and technological reworking of how the web functions. Others declare that it is meaningless. However, most agree on common characteristics of a Web 2.0 application, such as increased interactivity, the acceptance of user input for building community and a reliance on client-side functionality. Additionally, Web 2.0 applications can be more vulnerable to exploitation by hackers than their predecessors. Hackers spend most of their time gathering information. When Web 2.0 applications push functionality and code to users, they provide hackers with information that can be used for formulating attacks. Often, old attacks such as cross-site scripting become more dangerous when used against Web 2.0 applications. This white paper defines some of the common technological components of Web 2.0 applications and discusses ways of securing them against exploitation.
What on earth is Web 2.0? Web 2.0 carries a high profile and surrounding hype. Developers must surely be feeling the heat to quickly adopt the new second generation of dynamic, interactive and simple-by-design technologies.
Web 2.0 is the term pioneered by O’Reilly for new generation Web applications. Live.com, start.com, Google Maps, Google Docs, YouTube, Flickr, and MySpace are a few examples. Adoption of this technology vector has changed the web application development approach and methodology significantly. AJAX (Asynchronous JavaScript), RIA (Rich Internet Applications) and Web Services form the core components of Web 2.0 applications.
This paper details various security concerns and risks associated with web 2.0 technologies such as Asynchronous JavaScript and XML (AJAX); syndication, aggregation and notification of data in RSS or Atom feeds; and mashups created by merging content from different sources. This paper also describes the security implications of using web 2.0 technologies such as AJAX, RSS, and mashups. Increasing application functionality has led to the emergence of new web technologies (web 2.0). These new web technologies open more avenues for security threats to online applications and users. Efficient protection mechanisms should be considered when using web 2.0 technologies.
Napera delivers a straightforward solution to the network health challenge that is easy to use and manage. The Napera N24 enforces network health and identity without the cost and complexity of large enterprise products.
This guide will walk you through installation and some of the key features of the Napera N24. This evaluation guide follows a stepwise method, building from gigabit switching functionality to full health and authentication requirements for enforced ports.
The most significant differences between Microsoft’s Network Access Protection architecture and other NAC architectures you see in the iLabs arise because Microsoft does not make switches or routers. Therefore, the path for handling enforcement is different, focusing on server enforcement and standards-based switch enforcement. The original intent of MS-NAP was not security, but to find and quarantine non-compliant clients in the enterprise LAN. As the interest in NAC has increased, Microsoft has adjusted its architecture to include more enforcement mechanisms. In early 2007, the Trusted Computing Group (TCG) and Microsoft announced interoperability between TNC and NAP, thus opening the door for a single unified Network Access Control client.
A Web service is a network of coordinated applications in the backend behind an HTTP-governed Web server. The Web server is addressed by HTTP clients across the Internet. ASP.NET is one example of such a coordination technology. However, the security analysis holds for Web services in general, not only for ASP.NET.