smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: October 2009
http://smartsecurity.blogspot.com/2009_10_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Thursday, October 08, 2009. Application security should be addressed in initial SDLC stages. IT applications are akin to the organization's blood vessels because they carry critical information and execute key processes. However, due to a peripheral approach to security, application security is often neglected. If you estimate risk correctly from the beginning, it will also help you to save on costs. According to an industry statistic,...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: Mobile Apps Security - Are you worried?
http://smartsecurity.blogspot.com/2011/07/mobile-apps-security-are-you-worried.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Tuesday, July 26, 2011. Mobile Apps Security - Are you worried? Data Stored on Mobile Devices. In most mobile application designs, it is observed that the mobile device stores or caches some information. Due to limited constraints on the. Moving Substantial Business Logic Client Side. Relying on Client Side Data Validation. In current business scenarios, users need to access enterprise applications both from the web and the mobile devices...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: Getting Hands Dirty with Ettercap Tool
http://smartsecurity.blogspot.com/2010/06/getting-hands-dirty-with-ettercap-tool.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Monday, June 28, 2010. Getting Hands Dirty with Ettercap Tool. Ettercap is a suite for man-in-the-middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: March 2010
http://smartsecurity.blogspot.com/2010_03_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Wednesday, March 10, 2010. About the 'Rugged' Initiative. As most of the readers on my blog would be knowing, the Security experts in February launched a new effort to ensure software is written from the ground up with security in mind - a philosophy and message they're aiming at people outside of the security industry. The Indian IT industry spends so much on training costs, as more than 70% of fresh graduates are not employable/productiv...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: March 2011
http://smartsecurity.blogspot.com/2011_03_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Thursday, March 17, 2011. IRCTC - India's Rail Ticket Booking Website, which is sought to be a secure platform for citizens booking their tickets, has a few simple security configurations missing. An example is auto-complete not being set to off on their payments page - a practice which most secure web applications follow for sensitive pages, right from the login page. Below is a snapshot. Tuesday, March 15, 2011. How T...
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: What do you say? Yes / No / Don't Care
http://smartsecurity.blogspot.com/2011/09/what-do-you-say-yes-no-dont-care.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Wednesday, September 28, 2011. What do you say? Yes / No / Don't Care. He is involved in Application Security Consulting and establishing App Security across SDLC. He also conducts security workshops for the developer community. Besides interest in App Security, he likes Performance Testing and tuning of web applications.
smartsecurity.blogspot.com
Smart Security by Dharmesh M Mehta: August 2009
http://smartsecurity.blogspot.com/2009_08_01_archive.html
Smart Security by Dharmesh M Mehta. An Application Security Blog. Friday, August 28, 2009. No Built-In Response.HTMLEncode in Java. Why doesn't Java have a built-in HTMLEncode function? With security vulnerabilities like Cross-Site Scripting (XSS) lurking around for so many years, I am wondering why Java hasn't yet come up with its own function for encoding chars which are malicious. I believe 'Sun'... sorry, 'Oracle' should think of having this simple thing built-in.
memetic-thoughts.blogspot.com
Arun's Memento: Isn't that Impossible?
http://memetic-thoughts.blogspot.com/2009/07/isnt-that-impossible.html
Thursday, July 30, 2009. The contents of this article are original works of Dharmesh M. Mehta taken verbatim from his blog posting at http://smartsecurity.blogspot.com/2009/06/isnt-that-impossible.html. I liked the way Dharmesh captured the common arguments people make for not implementing security in a surrealistic way and hence posting it here too. Permissions from original author: Not every organization and their people know about software security issues nor do they respect the same. • "Th...
memetic-thoughts.blogspot.com
Arun's Memento: September 2010
http://memetic-thoughts.blogspot.com/2010_09_01_archive.html
Monday, September 27, 2010. I am a big fan of Steven McConnell's body of work. I came across an interesting piece which deserves sharing promptly for practitioners of Software Engineering. Some of the outlined Descriptions of Mistakes make for an interesting read and it evokes a feeling of Deja Vu for those who have been through it. Abandonment of planning under pressure. Adding people to a late project. Assuming global development has a negligible impact on total effort. Multi-site development increases c...