smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: Mobile Apps Security – Are you worried?
http://smartsecurity.blogspot.com/2011/07/mobile-apps-security-are-you-worried.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Tuesday, July 26, 2011. Mobile Apps Security – Are you worried? Data Stored on Mobile Devices. In most mobile application designs, it is observed that the mobile device stores or caches some information. Due to limited constraints on the. Moving Substantial Business Logic Client Side. Relying on Client Side Data Validation. In current business scenarios, users need to access enterprise applications both from the web and the mobile devices&...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: Getting Hands Dirty with Ettercap Tool
http://smartsecurity.blogspot.com/2010/06/getting-hands-dirty-with-ettercap-tool.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Monday, June 28, 2010. Getting Hands Dirty with Ettercap Tool. Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Subscribe to: Post Comments (Atom). View my complete profile. ACE Team at Micr...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: March 2010
http://smartsecurity.blogspot.com/2010_03_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Wednesday, March 10, 2010. About the 'Rugged' Initiative. As most of the readers on my blog would be knowing, the Security experts in February launched a new effort to ensure software is written from the ground up with security in mind - a philosophy and message they're aiming at people outside of the security industry. The Indian IT industry spends so much on training costs, as more than 70% of fresh graduates are not employable/productiv...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: March 2011
http://smartsecurity.blogspot.com/2011_03_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Thursday, March 17, 2011. IRCTC - India's Rail Ticket Booking Website which is sought to be a secure platform for the citizens booking their tickets has few simple security configurations missing. An example is the auto-complete not set to off on their payments page - a practice which most of the secure web applications follow for sensitive pages right from login page. Below is a snapshot. Links to this post. Tuesday, March 15, 2011. How T...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: What do you say? Yes / No / Don't Care
http://smartsecurity.blogspot.com/2011/09/what-do-you-say-yes-no-dont-care.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Wednesday, September 28, 2011. What do you say? Yes / No / Don't Care. Subscribe to: Post Comments (Atom). He is involved in Application Security Consulting and establishing App Security across SDLC. He also conducts security workshops for the developer community. Besides interest in App Security, he likes Performance Testing and tuning of web applications. View my complete profile. AppSec: SearchSecurity.IN TechTarget. What do you say?
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: October 2009
http://smartsecurity.blogspot.com/2009_10_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Thursday, October 08, 2009. Application security should be addressed in initial SDLC stages. IT applications are akin to the organization's blood vessels because they carry critical information and execute key processes. However, due to a peripheral approach to security, application security is often neglected. If you estimate risk correctly from the beginning, it will also help you to save on costs. According to an industry statistic,...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: August 2009
http://smartsecurity.blogspot.com/2009_08_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Friday, August 28, 2009. No Built-In Response.HTMLEncode in Java. Why doesn't Java have a built-in HTMLEncode function? With security vulnerabilities like Cross-Site Scripting (XSS) luring around since so many years, I am wondering why hasn't Java yet come up with its own function for Encoding chars which are malicious. I believe 'Sun' . sorry.'Oracle' should think of having this simple thing built-in. Links to this post.
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: January 2010
http://smartsecurity.blogspot.com/2010_01_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Tuesday, January 26, 2010. Plenty of (IN)Secure Broadband Routers. For the Wireless Routers still exists in most parts of the country. The Mumbai terror attacks did bring in a concern for people using Wireless Networks and not have secured them. However, time and again I have been still snooping into the so-called. Wireless Networks because the routers admin password is still set to default. Crazy! 3 things that I see from this point:.
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: OTP adoption from India to the US?
http://smartsecurity.blogspot.com/2010/11/otp-adoption-from-india-to-us.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Monday, November 01, 2010. OTP adoption from India to the US? One Time Password (OTP) is a password that is valid for only one login session. It is a popular authentication mechanism in India. It is essentially in use with Banking and Stock Broking Apps to do a two-factor authentication. SMSes on your registered mobile phone is been predominantly used as a medium to accomplish this second factor of authentication. It would be also nice if ...
