This is AppSecInsider's Typepad Profile.
Join Typepad and start following AppSecInsider's activity
Join Now!
Already a member? Sign In
AppSecInsider
IBM Application Security Insider
Recent Activity
Building Rich Internet Applications Models: Example of a Better Strategy
Crawling “classical” web applications is a problem that has been addressed more than a decode ago. Efficient crawling of web applications that use advanced technologies such as AJAX (called Rich Internet Applications, RIAs) is still an open problem. Crawling is... Continue reading
Posted Jun 19, 2013 at IBM Application Security Insider
Comment
0
AppScan Enterprise v8.7 performance improvements
Image
In March 2013, we released version 8.7 of AppScan. One of the focus areas for that release was to improve the scalability and performance of the enterprise components of the solution, specifically the AppScan Enterprise Server and AppScan Enterprise Dynamic... Continue reading
Posted May 29, 2013 at IBM Application Security Insider
Comment
0
Practical mobile app security scanning tips
Image
In this hands-on article, learn how to use IBM Security AppScan Standard with mobile user agents, as well as emulators and actual devices for Android and iOS. Continue reading
Posted Apr 17, 2013 at IBM Application Security Insider
Comment
0
Research Awards for Project on Crawling Mobile and Rich Internet Applications
2012 IBM CAS Project of the Year: Efficient and Scalable Mapping of Mobile and Complex Rich Internet Applications for Automated Security Testing The ability to “crawl” Web sites and Web applications is at the core of the Internet. Crawling is... Continue reading
Posted Jan 3, 2013 at IBM Application Security Insider
Comment
0
Find Security Vulnerabilities in Android Apps
Mobile security can be tested in a variety of ways. You can apply black box testing to test the server side logic that your mobile app is working with, as we've recently blogged about. You can also apply static analysis... Continue reading
Posted Dec 10, 2012 at IBM Application Security Insider
Comment
1
Understanding AppScan Test Policies
Image
IBM Security Appscan provides automated security scanning of web applications. Did you know that you can apply test policies within IBM Security AppScan to cover particular aspects of the scan? Using the right policy produces optimal scanning results and reduces... Continue reading
Posted Dec 3, 2012 at IBM Application Security Insider
Comment
0
Use Traffic Viewer to Unlock Ultimate AppScan Power-User Secrets
If you have ever worked with an AppScan expert they probably got you to install the AppScan Traffic Viewer. This tool is the Swiss army knife of the AppScan Power user containing a multitude of support features and giving you... Continue reading
Posted Oct 15, 2012 at IBM Application Security Insider
Comment
0
Out with the old, in with the new - IBM Security AppScan Standard 8.6 released!
Image
If you’re the kind of person that likes taking a look under the hood, then get ready to dive into the new IBM Security AppScan Standard 8.6 and take a peek at what we did for this release. By the... Continue reading
Posted Aug 27, 2012 at IBM Application Security Insider
Comment
0
The New Frontier - Securing Mobile Apps (WEBCAST)
Image
Let's talk about mobile security, shall we? We can see that smartphones and tablets are everywhere, taking their place as dominant collaboration devices in enterprises. Many organizations are struggling with understanding the implications of developing and deploying apps to new... Continue reading
Posted Aug 13, 2012 at IBM Application Security Insider
Comment
1
The Most Comprehensive Web Application Security Scanner Comparison Available Marks AppScan Standard as the Leader (Again)
Image
Once again, AppScan has proven to be the leader of web application security testing tools, in a recent benchmark of over 60 commercial and open-source tools published by Shay Chen. Attack vector comparison (taken from the WAVSEP benchmark review) The... Continue reading
Posted Aug 6, 2012 at IBM Application Security Insider
Comment
0
F4F Technology Helps You Analyze Applications For Security
Image
By Babita Sharma, Michael Hua Xiao Most modern web applications are built using web application frameworks, such as Enterprise JavaBeans (EJB), Apache Struts and JavaServer Faces (JSF). These frameworks simplify web application development by providing higher-level abstractions for common tasks.... Continue reading
Posted Aug 2, 2012 at IBM Application Security Insider
Comment
0
Microsoft Windows Shell Command Injection - MS12-048 (CVE-2012-0175)
Image
CVE-2012-0175 Background Windows File Association allows an application to define a handler that should be called for each operation on a specific file type. For example, WinRAR registers the file type .RAR in the following manner: The Open action defined... Continue reading
Posted Jul 16, 2012 at IBM Application Security Insider
Comment
6
Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability (CVE-2011-1252)
HTML Sanitizing Information Disclosure - CVE-2011-1252 Introduction The JavaScript function toStaticHTML, which is found in Internet Explorer 8 and Internet Explorer 9 is used to sanitize HTML fragments from dynamic and potentially malicious content. If an attacker is able to... Continue reading
Posted Jul 8, 2012 at IBM Application Security Insider
Comment
0
Automated Blackbox Crawling: The Next Generation
Automated crawling of web applications is the first step in automating web application security analysis. Without a proper crawl, automated testing of vulnerabilities will reveal incomplete results (AKA "False Negatives"). Modern web technologies, like AJAX, result in more responsive and... Continue reading
Posted Jun 26, 2012 at IBM Application Security Insider
Comment
0
AppSecInsider has shared their blog IBM Application Security Insider
May 21, 2012
Anshum, Can you elaborate on the structure of the RESTful requests?
Toggle Commented Mar 12, 2012 on Testing RESTful Services with AppScan Standard at IBM Application Security Insider
@Dotnetchris - have you bothered to look in the "Acknowledgments" section of the Microsoft security bulletin? It was *our team* that disclosed this to Microsoft. We then waited for Microsoft to patch this issue, and only then published the full details of the issue. That's called responsible disclosure. There's no FUD here, just technical details.
Toggle Commented Feb 26, 2012 on Microsoft Anti-XSS Library Bypass (MS12-007) at IBM Application Security Insider
JSON-based XSS exploitation
JSON rendering in Internet Explorer In the world of Web2.0 and mash web applications, security researchers come across more and more XSS vulnerabilities that are reflected in non HTML responses. For example, JSON responses are becoming more and more common,... Continue reading
Posted Oct 24, 2011 at IBM Application Security Insider
Comment
2
The Ultimate Web App Security Scanner Comparison Published - AppScan Standard Leads the Pack
Image
>>>> See the most recent results of the 2012 WAVSEP benchmark! <<<< Shay Chen, an Information Security consultant and blogger, recently published the latest results of his ultra-thorough web application security scanner comparison. The survey, covered 60(!) different open source... Continue reading
Posted Aug 3, 2011 at IBM Application Security Insider
Comment
0
Close Encounters of the Third Kind
As promised in my last blog post, we recently published a new whitepaper on the subject of client-side JavaScript vulnerabilities. Below you can find a short excerpt from the whitepaper: In the past 10 years, many whitepapers, research articles, and... Continue reading
Posted Jan 6, 2011 at IBM Application Security Insider
Comment
0
Scanning for Client-Side JavaScript Vulnerabilities
Image
In a few weeks, our team is going to publish a new research whitepaper, which explores the prevalence of client-side JavaScript vulnerabilities such as DOM-based XSS, in real world web applications. For this research, we used a new IBM technology... Continue reading
Posted Nov 22, 2010 at IBM Application Security Insider
Comment
0
Just a quick fact correction - Quote: "When the WAF market started, PCI was the biggest driver and WAFs were seen as a “checklist technology.”" PCI DSS was first released in December 2004, while the first WAF (AppShield) was released in 1998.
Toggle Commented Jun 25, 2010 on Imperva Perspective: Trustwave Buys Breach Security at Imperva Cyber Security Blog
1 reply
Cross-Site Scripting through Flash in Gmail Based Services
Image
Background I recently discovered a cross-site scripting through Flash issue in Gmail. Not only did it expose Gmail users to full account hijacking, but it also exposed corporate users that rely on Gmail through the Google Apps initiative. Technical Details... Continue reading
Posted Mar 23, 2010 at IBM Application Security Insider
Comment
7
AppSecInsider is now following The Typepad Team
Mar 15, 2010
Why Your Static Analysis Scanner Should Use String Analysis
I just read an awesome blog post at “Schmoilitos Way”, that describes a scenario, in which, someone ran a static analysis tool, found a vulnerability, patched it using a faulty input validation routine, and then re-ran the scan, this time... Continue reading
Posted Nov 17, 2009 at IBM Application Security Insider
Comment
1
Subscribe to AppSecInsider’s Recent Activity
The Typepad Team
View all »
Queen
Rae-Lynn Perkins
slobass
the idea girl
Saxynrs
ecru64
View all »
0 Favorites
Blogs and Sites
Around The Web