This page contains a list of articles and tutorials on issues affecting web application security and techniques to build secure applications.
Man in the Browser attack (MITB)
Understanding man-in-the-browser attacks and some of the ways to protect against them.
Tips for a successful PA-DSS validation
Things to think about before you set out to get your payment application PA-DSS validated.
Protecting web application cookies by restricting scope
This article shows how to secure web application cookies by restricting their scope.
Tips for secure session management
Tips to secure web application sessions and prevent session hijacking.
Derived Unique Key Per Transaction - DUKPT
A description of the Derived Unique Key Per Transaction (DUKPT) key management scheme.
Reduce PCI Scope with Unique Tokens
This article describes the use of unique tokens to replace credit card numbers in certain cases to make PCI-DSS compliance easier.
Tips to select a PCI-QSA
Some of the things you should consider when selecting a QSA for a PCI assessment.
Tips To Secure Your Website
With the advent of blogs and software like WordPress, anyone can now set up a web server and run a website. This article lists some simple things that anyone can do to protect their website.
Erasing Your Mobile Phone
This article shows how you can securely erase all data from your Windows mobile phone and restore it to the factory state.
Session Fixation Attack
This article describes how a session can be hijacked using session fixation and what to do to protect your applications.
Personal Information Security - Spyware
This article is an overview of spyware and what you can do about it.
Personal Information Security - Phishing
This article discusses what phishing is, how it works and how you can protect yourself from falling for phishing scams.
Understanding Cookies
This article describes what cookies are and how they work: all you need to know about cookies.
Protect Applications Against Dictionary Attacks
This article discusses dictionary attacks and the different techniques you can use to protect your applications from these attacks.
Overview of SSL
This article discusses the purpose of SSL, how it can protect your data and, more importantly, what it cannot do.
The SSL Handshake
This article gives a high level overview of the SSL "handshake" process. The handshake is the process of establishing an SSL connection.
Storing Passwords Securely
This article shows how you can store passwords securely in your databases using hashing and salting.
Serving Documents Securely From Web Applications
This article shows how to securely serve up Word, Excel, PDF and other documents to users from your web applications.
Input Validation Using Jakarta Commons Validator
This article shows you how to perform input validation in your Java applications using the Jakarta Commons Validator.