July 2008
Defend against Reverse Engineering
by Roshen Chandran, CISSP
Software reverse engineering is the technique of getting the original source code from the binary. Competitors might use reverse engineering to figure out how you implemented that cool feature. Crackers might use it to see how they can bypass your license policy. Game cheats use reverse engineering, well, to cheat.… more →
The Payment Application Data Security Standard (PA DSS)
by Sangita Pakala, GCIH
PA DSS fills a gap in the more well known PCI DSS standard. Today, we’ll discuss this lesser-known standard. Remember that the biggies of the credit card industry put their heads together and came up with Payment Card Industry Data Security Standard (PCI DSS). Their aim was to protect the “Cardholder’s” data. PCI DSS was first released in 2005 and then revised in October 2006. PCI DSS has a few requirements that talk about securing web applications that deal with cardholder’s data.… more →
Cache Control Directives Demystified
by Siddharth Anbalahan
Many years ago, HTTP 1.1 introduced specialized Cache Control directives to control the behavior of browser caches and proxy caches. These were a refinement over the HTTP 1.0 headers that programmers were using to control the behavior of caches. Though these directives are several years old, we still see them being used incorrectly. In this article, we explain the meaning and relevance of the most important cache control directives.… more →
Quiz: Proposal to amend Same Origin Policy
Same origin policy of browser prevents scripts loaded in one domain to access resource from another domain. However, this policy imposes several limitations to Web 2.0 apps and restricts interactivity between sites. A new proposal has been formed by W3C, to incorporate Web 2.0 developer’s demands, by allowing cross site requests. Which among the following is the said proposal?
- Configuring Domain Authorization Rules on the application server side
- Access Control for Cross-site Requests
- Configuring Application level ACL