Secure Web App Development
Secure Web App Development The first five minutes is for every developer. The remaining part is for security professionals.
Verifying Link Security
The beauty of the internet is the hyperlink. All objects in the cyberspace are essential represented by a link or URL. Obviously, this includes malicious code. Delivering an email to a user with a link to a website hosting malicious code is the first step in most attack. How you can verify a link is …
Home Networking Protection – DNS Filtering
When I saw this blog post, it immediately said it is a must have security device. Nowadays, home network is a given, router is in every metropolitan home. Protecting home network is not a easy task. With so many home devices that are connected 24×7 to the Internet, patching them and also doing security configuration is professional work. This …
AWS Cloud Security
Going to Vegas for the Amazon Re:Invent event is one of the best ways to learn about Cloud Computing and Cloud security. And the second best of course is to just browsing the slide decks or videos of the event, from your office or home. So here you go, fresh from the Internet, the course …
3 factors affecting group intelligence
3 factors affecting group intelligence The first was the average social perceptiveness of the group members; The second factor we found was the evenness of conversational turn taking; You will very surprised to find out the third.
What is cloud computing?
As CSA chapter chair, I has been asked many times about what is cloud computing? 3M AVS is one excellent example of cloud, with the following characteristics usage-based, the user only pay on each image analysed deliver via Internet (remotely), the image is processed remotely access to expertise, ordinary users and SME could access to 3M research …
Browser Side Cryptography
I talked about browser based security last week. As we have more and more cloud or web delivered applications, the browser is playing an important role. Most (if not all) user interaction in browser are programmed via javascript. With Cloud Computing, client side script will be playing a ever more important role. The data security and data …
Javascript whitelisting
After last post on browser based security, a few people asked how CSP works. Basically, it is a contract between a web server and the client (i.e. the browser). The browser (being a client) is basically executing everything send to it by the web server. This is very risky when the web server is comprised (that is what happen …
Browser Based Website Security Control
Since I moved from an internal IT Risk manager to a security consulting firm, I have been involving in different discussions on web application security. These experiences made me think that browsers are not a security software and its design has little security consideration. Missing security features in browser is one of the root cause …
To Cloud Or Not To Cloud ?
If you ask the above question to the various cloud services providers, I am sure their answers are “Definite yes”. If you ask the same question to end users, their answers may end up like “I really don’t care.”. And for the question again to business owners, their answers will probably are “May-be’s” because seriously …