synch.cc – secure.network.communications.

Archive for the ‘code’ Category

Cross Site Scripting and SQL injection explained

OWASP has a full range of videos that give you a basic view of XSS and SQL injection:

SQL injection

Full table and column traversal and site take-over are an almost inevitable consequence of unmanaged user input and system output (such as error messages). This OWASP video gives you a quick introduction.

Cross Site Scripting (XSS)

Easy to exploit, easy to find, highly varied – script injection in JavaScript, typically used to attack and exploit other users.

You can find out more in the AppSec Tutorial Series by OWASP.

Written by Online Editor

April 7th, 2012 at 10:07 am

OWASP Top 10 Security Threats 2010

In case you don’t have them to hand:
Last updated on April 22, 2010, the OWASP Top 10 Web Application Security Risks for 2010 are:

  1. A1: Injection
  2. A2: Cross-Site Scripting (XSS)
  3. A3: Broken Authentication and Session Management

Written by Online Editor

February 2nd, 2011 at 9:21 pm

Where to start with secure coding practices

With coding projects that have developed organically, or with no specific security focus at the outset of development, the question often arises of where to start in securing the code one has.

The first step is to understand that there are issues to work through to retrofit security back into the code. Ideally, the code starts from a secure basis, but under some circumstances, the size or budget of the project does not allow for this.

So, how to proceed?

In terms of the code that we use to display, manage and filter user inputs before creating outputs, we know that there are a few challenges we need to mitigate in order to create a more secure data environment.

Some initial thoughts for discussion, below.

Written by Online Editor

February 2nd, 2011 at 9:00 pm

welcome to synch.cc

synch.cc is a Cape Town based ICT consultancy. Our main focus is on facilitating secure network communications. We implement suitable and customised systems, secure network architectures and targeted software. Our mission is to develop highly effective and secure tools and solutions through migration and integration. We give our clients the power to communicate ideas and improve business processes through personalised service, and stable and secure distributed hardware infrastructures. synch.cc consults, develops and deploys systems and databased network solutions on both conventional proprietary and Free or Open Source Software platforms (such as GNU/Linux) using a range of integrated technologies. We look at how open source software solutions can benefit the organisation.

We provide forensic system and network security audits and consultation. At synch.cc, we offer both service level (SLAs) and maintenance agreements, on-site and remote systems support and a secure network foundation for your data requirements. synch.cc – secure network communications. synchronize with today!

Written by Online Editor

February 2nd, 2011 at 6:18 pm