Application Security Glossary

JavaScript Static Code Analysis

During the development lifecycle, it is easy for security vulnerabilities to creep into your code. The best way to head this off and ensure that security remains a priority throughout the development lifecycle is to use static code analysis. For JavaScript static code analysis there are a few options on the market that can be deployed to assist in secure code development.


Jenkins Static Code Analysis

Jenkins is a simple application designed to monitor a series of job executions in a software environment. Much like CruiseControl, it offers a single, easy-to-use continuous integration system. Developers can then run test cycles more easily, and the latest build can be delivered to users quickly and efficiently. One question that Jenkins users have often raised is how to implement static code analysis in a Jenkins environment.


Keylogger: The Invisible Threat

What are keyloggers?

A keylogger is a small, simple application that is typically designed to run “invisibly” on a computer so as to avoid detection by the actual computer user. A keylogger does exactly what its name implies: it logs all keystrokes entered by the user. More sophisticated keyloggers can also capture screenshots and mouse clicks. Keyloggers are typically used by malicious attackers to gain access to passwords, financial information or other sensitive information that they can use for their own gain.


LDAP Injection

LDAP Injection is a vulnerability that affects web applications. It arises when the application builds LDAP statements from request data that it has not properly validated and sanitized. An attacker can then modify the LDAP statements, for example by intercepting and altering requests with a proxy. This grants the attacker the permissions needed to perform commands using the database server, web server and web application server, and can allow the attacker to access, modify or delete data contained within the LDAP tree.


Linux Hacking

Linux is an open-source operating system (OS) that shares many similarities with UNIX. It is the most popular OS used on mainframes, servers and supercomputers, thanks to its multi-user and multitasking capabilities. Linux, while not as common as Windows, can be found on many personal computers and mobile devices today. Android, the world’s most popular mobile operating system, is Linux-based. Originally Linux was not able to run many applications that were designed specifically for Windows environments, but in recent years developers have worked to ensure that most Windows applications and games can also be run in Linux environments.


Malware

Malware is any type of malicious software that can be used to threaten a network or computer. It is typically used to steal information and data that can be used for personal or financial gain. Malware can be installed on personal computers, company computers, company networks, mobile devices and other electronic devices. Some of the detrimental effects of malware include data breaches, account compromise, server hijacking, disruption of normal activities and communication, and much more.


Man-In-The-Middle (MiM) Attacks

A Man-in-the-Middle (MiM) attack is a distinct type of session hijacking that many companies face in the flow of communication between client and server. It occurs when a malicious attacker is able to trick the client into believing the attacker is the server, while tricking the server into believing the attacker is the client. In this manner, the attacker is able to read and manipulate information that was intended to pass only between the client and the server.


Mobile Application Security (Android/iOS)

Mobile application security for Android and iOS is a field which doesn’t always receive the attention it deserves. Software development teams have been scaling up their mobile application development over the last decade as smartphones have become more affordable and mobile bandwidth (and Wi-Fi) access has improved. It has been estimated that nearly 1 billion people will access the Internet for the first time in the next decade thanks to these devices. In addition, the smartphone has already established itself as the dominant platform for web access in developed nations.


Multi-Platform JavaScript Code Analysis

The Source File Metrics application is an advanced JavaScript code analyzer. It calculates metrics such as total files and lines, code lines for multiple formats, and whitespace lines. Comment lines and files, average line length, code/whitespace ratio, code/comments ratio and code/(comments + whitespace) ratio are also calculated.


OWASP Top 10 Vulnerabilities

The Open Web Application Security Project (OWASP) is an open-source application security community whose goal is to spread awareness of application security. It is best known for releasing the industry-standard OWASP Top 10.

The OWASP community is powered by security-knowledgeable volunteers from corporations and educational organizations, as well as individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure.