All Questions
1 vote
2 answers
394 views

Security code review recommendations [closed]

I've been writing software for ~7 years and have been actively interested in security for ~2-3. This interest has been entirely self-motivated and primarily on the attack side; I've written several ...
Brannon • 135
3 votes
1 answer
921 views

Is IP address whitelisting useful if the IP address is not “secret”?

I'm working on an application that will have access to API keys supplied by our users. The application makes API calls on behalf of our users. The API we're using allows users to whitelist IP ...
phil917 • 33
1 vote
0 answers
112 views

How can I perform DAST on protocols other than HTTP/HTTPS

How can I perform DAST on protocols other than HTTP/HTTPS in the case of a web application which does not have a URL but communicates with many other systems to pull or push data?
CrocoC • 19
1 vote
1 answer
626 views

Security in transferring sensitive data over web apps

I am working on an app that has to transfer sensitive data over HTTPS and I have an idea but I am wondering if it is overkill or good. One of the issues is I need the ability to "share data" between ...
Steven • 113
2 votes
0 answers
499 views

Security Questions I should be asking my developers [closed]

I am looking for a comprehensive list of security related questions I should be asking my developers. I have done some research on the net and have yet to find a great list of questions I should be ...
Sean • 21
0 votes
3 answers
648 views

What are some metrics to be used to evaluate SaaS security?

What are some metrics to be used to evaluate a SaaS app's security? Some examples: static code analysis (Fortify) code coverage (bugs being a potential source of vulnerabilities) others? In case it ...
Blaze • 374
0 votes
3 answers
1k views

Exploiting a desktop application

I'm studying application security and now I have a question to which I couldn't find a good answer. Assume I have a vulnerable desktop application on my virus-free Windows 7 PC. Let's say when the file ...
smttsp • 366
1 vote
1 answer
160 views

Questions to confirm a good standpoint on web app security?

What should be the questions asked to assess a company on web app security? Our company is in the process of partnering with another company in order to outsource web app security work to them. For us ...
Shritam Bhowmick
4 votes
1 answer
879 views

Installing a profile for the "Good" Mail application gives someone admin permission on my iPhone

My new enterprise uses the app "GOOD" for email. But to use it, I have to install a GOOD profile with the description: "Install this profile to enroll to encrypted profile service". If I choose "...
ylerjen • 145
5 votes
3 answers
8k views

Security Scanning for Desktop Applications

Our company develops Windows desktop applications. We offer off the shelf solutions - not custom development. A potential new customer wants to add a section to our standard contract that requires ...
Mark Elder
1 vote
1 answer
249 views

How does a PCI QSA audit a company?

Corporate setups are often complex, with data centers in multiple locations and complex ACLs and networks set up between them. How does a PCI auditor actually audit the systems? How does he get to know ...
Novice User • 2,118
1 vote
2 answers
690 views

Our company needs to conduct an audit of a large ASP.NET solution that was developed for us by a development company. [closed]

What professional standards and practices are recommended for guiding such an effort?
user9011
7 votes
2 answers
2k views

Established Security Design Patterns?

In software engineering, a design pattern is a general reusable solution to a commonly occurring problem within a given context in software design. Wikipedia lists many different design patterns for ...
Demento • 7,495
1 vote
1 answer
1k views

Windows Session Recording Software

I'm trying to monitor connections and actions made by administrators (or any user connecting) to a server through TSE (I'm simplifying). I've heard about software which can record a video of any ...
Anon • 41
6 votes
2 answers
761 views

Advice for writing my first application security review

I wish to write a security review for a specific Windows server/client application that runs on a closed LAN or WAN (between 1 and 200+ users across multiple sites); it's not a web application. The ...
Jonathan • 163