Tag: Secure web application

One of the most important ways to stay secure is to stay informed

Web application security is a critical task, and communicating with you about security is one of the most important factors in keeping your site safe. Ironically, even mentioning security publicly is a challenge, as many hackers see it as an invitation to find new . Hackers use different exploits (public and private attacks), and every day Google reports several sites with very suspicious infections. Attackers inject:

This is one reason why Google flags your website: “This site may harm your computer”.

One of the most important ways to stay secure is to stay informed. Hackers continually try new approaches, discover new vulnerabilities, and attempt different exploits. As the SySmox team finds out about potential vulnerabilities, we try to respond to webmasters quickly so that you can : Applying security fixes may mean installing a software update, modifying your system configuration, or changing how you code your web application.

(continue reading…)


Security checklist for Macromedia Flash Communication Server

After development, the Macromedia Flash Communication application moves into production. At that time, you’ll want to properly configure the Macromedia Flash Communication Server, with security issues high on the priority list. Insecure server configurations can result in several negative situations, including unauthorized users who compromise information, steal server usage, cheat in games, or disrupt—or even shut down—the server. Below you’ll find a checklist of security configuration settings (as well as a few “best practice” tips) that you should consider as you set up your Flash Communication Server MX for real-time use by intranet or Internet users.

General administration settings:

1     Set a secure user ID and password. Don’t use “admin”, “administrator” (and so forth) as the user name. Pick a password with at least 8 characters, including digits and punctuation.
2     Use the <Allow> and <Deny> tags in the Server.xml file to restrict which client computers can connect to the Admin application.
3     Set the Admin tool to bind to a port that is not available to the general public. Block access to this port with your firewall.

(continue reading…)


How to Design Secure Web Applications

SySmox

Coldfusion security

Secure web application design is not product-specific: it is helpful in securely designing and implementing any Web application, regardless of the platform. Many of these concepts are also relevant to any application development cycle, including non-Web applications.

What is the ‘Security Mindset’?

  •     Risk Assessment
  •     Policies
  •     Platform Research, Modular Architecture and Delegation (Layering)
  •     Validation (Formal Trust)
  •     Vigilance

Keeping computer security issues at bay is a full-time job. These columns provide general education, point out common security issues in implementations, and can aid you in both design and troubleshooting. However, they are not a substitute for a full-time security specialist individual or group in your organization.

Bear in mind that individual links are provided for reference; they may not be applicable to your specific architecture or configuration. Be sure to carefully check whether the procedures suggested or described apply to your configuration before implementing them. Also, be sure to test any change to your current configuration or process in a testing environment prior to applying them in any production environment.

What is the ‘Security Mindset’?

The ideal security architect is very cautious, even paranoid, diligent, suspicious, obsessive-compulsive and impossibly humble. In reality, they tend to be a little more human – which can be both a good and a bad thing – but in terms of ideal qualities, this description is closer to the truth than you might prefer to think.

Generally, it’s a good idea for a security specialist to be suspicious and aggressively inquisitive about new things. She should be suspicious enough so that she’ll feel comfortable prying into how new things work, how inherently secure new tools are, and how much she can trust these new things to keep her data safe. She should also be cautious about programming, configuration, and implementation, both her own and others’. Being this way helps her keep her edge, stay alert, and helps her identify and analyze subtle and tricky situations. It’s often said that the same kinds of people who automatically case every store they enter, but never use the knowledge to steal, are perfect for the security field.

(continue reading…)


Copyright © 1996-2010 Web application security. All rights reserved.