Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- Web security

  How does CSDN dare to use plain text as password?

Recently, the China's largest Chinese IT community website named CSDN leaked its user's account information. Later today CSDN made an announcements to its users on their website. The announcement said that some user account information was leaked and the passwords of the accounts were stored as plain text in their database before 2009, and after 2009, they adopted an encryption algorithm to encrypt user password. They urged all users who registered the account before 2009 to change their passwor...

   Security,Information leak,CSDN,Plain text     2011-12-22 09:10:01

  8 very useful and free web security testing tools

With more pervasive of web applications, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities, then they may tamper with web content, or steal important internal data, the more serious is to inject malicious code into web pages to affect visitors of websites. Attention is gradually warming up to Web Application Security. Here we recommend eight very useful and free web security testing...

   Website, security,Web security,Attack     2012-07-22 10:59:09

  Severe SSL 3.0 vulnerability to be released

According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. Until now, it's still in patch phase and the details of this vulnerability is expected to be released today. There are a few widely impacted security vulnerabilities revealed this year and they bring people's attention to the long existing security concerns. Previously, we have seen the HeartBleed issue and also the recently ShellShock issue. Both of them occur in popular libraries...

   SSL,Security vulnerability, The Register     2014-10-14 22:22:39

  Turn on SecurityManager in Java

SecurityManager in Java is to check whether the application codes can access some restricted resource such as file, socket etc. This can be used in applications which have high security requirements. With this feature turned on, our system resources can be secured with only permitted operations. When JVM starts, it will first check whether the SecurityManager is on by checking the system property java.security.manager, if it's on, then an instance of SecurityManager will be created and it can be...

   SecurityManager,enable,program     2013-12-16 05:03:53

  How to check whether a web page can be loaded in iframe

Sometimes you may want to load other website's page in your own website's iframe, but due to some security concerns, other website may have security configurations which prevent you from loading their pages into your iframe. In this case, if you try to load them, you would see a blank page or a text message telling that it's prohibited. Fortunately, you can detect this before you actually decide to load it. To prevent a page from being loaded by an iframe from other site, the response ...

   HTTP,HTML,IFRAME,SECURITY,X-FRAME-OPTIONS,CONTENT-SECURITY-POLICY     2018-07-27 22:36:02

  Building Security onto Your Mobile Application

Analysts state that more than 75% of the mobile applications will fail the basic security tests in 2015 – Gartner Research. Enterprises that follow the Bring Your Own Device (BYOD) approach and facilitate mobile computing to their employees are susceptible to security threats and other vulnerabilities, unless they implement stringent security measures. In the development or deployment of mobile applications, a business can be severely impacted both financially and otherwise, if they are to...

   Web Application Development Company, iPhone App Development Company     2015-08-21 07:22:32

  Oracle released an urgent Java patch

On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious code...

   JAVA,SECURITY,ORACLE,NEWS     2016-03-25 08:39:59

  25 worst passwords in 2012

Weak password is a serious security vulnerability, but the majority of network users still use some universal simple character sequences as the password. SplashData recently announced the world's worst password list in 2012.  "password","123456" and "12345678" are still at top places, while others have varying,  some new passwords like  "welcome" "Jesus" "ninja","mustang"and "password1 "are in the list. With the risk of password loss, SplashData CEO Morgan Slain said we hoped netw...

   Password,Security     2012-10-25 12:04:49

  Native Client Brings Sandboxed Native Code to Chrome Web Store Apps

Wouldn’t it be great if you could create web apps using your existing C and C++ code? Native Client lets you do just that, and it is now enabled for Chrome Web Store apps in Google Chrome’s beta channel. Native Client apps live on the web platform, so you don’t need to create separate versions of your app for each operating system. Rather than relying on OS-specific APIs, Native Client apps use Pepper, a set of interfaces that provide C and C++ bindings to the capabilities o...

   C++,Web application,Native Client,Useful     2011-08-24 02:23:03

  Different types of keystore in Java -- PKCS11

PKCS11 keystore is designed for hardware storage modules(HSM). It's an interface to talk to the HSMs. It doesn't actually store any keys but provide a set of classes to communicate with the underlying HSM. The actual keys and certificates are stored on the HSMs. The reason for storing the keys and materials is to ensure security and efficiency. Since the keys are on the HSMs, they are safe to be stolen. All encryption/decryption operations are performed on the HSMs as well, this incre...

   PKCS11,keystore,HSM,Java     2015-01-08 00:39:12

RECENT