Palisade Magazine
 
Defend against Reverse Engineering

Issue #34 July 2008

Defend against Reverse Engineering

by Roshen Chandran, CISSP

Software reverse engineering is the technique of getting the original source code from the binary. Competitors might use reverse engineering to figure out how you implemented that cool feature. Crackers might use it to see how they can bypass your license policy. Game cheats use reverse engineering, well, to cheat.… more →

The Payment Application Data Security Standard (PA DSS)

by Sangita Pakala, GCIH

PA DSS fills a gap in the more well known PCI DSS standard. Today, we’ll discuss this lesser-known standard. Remember that the biggies of the credit card industry put their heads together and came up with Payment Card Industry Data Security Standard (PCI DSS). Their aim was to protect the “Cardholder’s” data. PCI DSS was first released in 2005 and then revised in October 2006. PCI DSS has a few requirements that talk about securing web applications that deal with cardholder’s data.… more →

Cache Control Directives Demystified

by Siddharth Anbalahan

Many years ago, HTTP 1.1 introduced specialized Cache Control directives to control the behavior of browser caches and proxy caches. These were a refinement over the HTTP 1.0 headers that programmers were using to control the behavior of caches. Though these directives are several years old, we still see them being used incorrectly. In this article, we explain the meaning and relevance of the most important cache control directives.… more →

QuizQuiz: Proposal to amend Same Origin Policy

Same origin policy of browser prevents scripts loaded in one domain to access resource from another domain. However, this policy imposes several limitations to Web 2.0 apps and restricts interactivity between sites. A new proposal has been formed by W3C, to incorporate Web 2.0 developer’s demands, by allowing cross site requests. Which among the following is the said proposal?

  1. Configuring Domain Authorization Rules on the application server side
  2. Access Control for Cross-site Requests
  3. Configuring Application level ACL

more →

On the blog recently

Past quizzes

  • Jan '06 : Which of the following is/are best practices for logout in .net applications?
  • Feb '07 : What sort of privilege on the log file does an application need to log transactions?
  • Dec '04 : What is the best approach to take while designing a cryptographic solution?
  • Aug '06 : An attacker enters a long nasty looking string into the date field. The input overwrites parts of the running program and executes commands on the server. What type of attack just took place?
  • Mar '05 : Which is the best method for implementing the Forgot Password feature?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Plynt Penetration Testing

500+ apps have been entrusted to Plynt for security. Get a quote for your application/network today

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 20.02.07. Paladion conducts Operational Risk Management Conference in Dubai, Bahrain
  • 27.11.06. Paladion enables ORC achieve ISO 27001:2005
  • 10.11.06. Deloitte’s Asia Pacific Technology Fast 500 calls Paladion/Plynt one of the fastest growing technology companies.
  • 10.11.06. Paladion/Plynt ranked among the fastest growing 50 technology companies in India by Deloitte.
  • 01.08.06. Rajat speaks on the current state of security in Financial firms outsourcing to India