One of the most important ways to stay secure is to stay informed !

Web application security is a critical task, and communicating to you about security is one of the most important factors in keeping your site safe. Ironically, even mentioning security publicly is a challenge, as many hackers see it as an invitation to find new .Hackers use different exploit (public and private attacks) several sites are reporting very suspicious infection every day by google . Attackers inject:

• Malware
• Worms
• Trojan Horses
• Spyware
• Dishonest adware
• Crime ware amongst other malicious threats

This is some reason why google flag your website: “This site may harm your computer”.

This site may harm your computer

One of the most important ways to stay secure is to stay informed. Hackers continually try new approaches, discover new vulnerabilities, and attempt different exploits. As sysmox team find out about potential vulnerabilities, we try to respond webmaster quickly that you can : Applying security fixes may mean installing a software update, modifying your system configuration, or changing how you code your web application.

(continue reading…)

Web Application Security : Formal Trust and Authentication :

Secure web application design is not product-specific: it is helpful in securely designing and implementing any web application, regardless of the platform. This article, part of a series of security-related, but many of these concepts are relevant to any application development cycle, including non-web applications.

  1  Formal Trust.

  2  External Resources (Including Users).

  3  Client Applications (Including Users).

  4  Authentication (Trusting Identification).

  5  Summary.

Keeping computer security issues at bay is a full-time job. These columns provide general education, point out common security issues in implementations, and can aid you in both design and troubleshooting. However, they are not a substitute for a full-time security specialist individual or group in your organization.

Bear in mind that individual links are provided for reference; they may not be applicable to your specific architecture or configuration. Be sure to carefully check whether the procedures suggested or described apply to your configuration before implementing them. Also, be sure to test any change to your current configuration or process in a testing environment prior to applying them in any production environment.

1 Formal Trust :

Last month’s column, How to Design Secure Web Applications, briefly discussed formal trust in the context of input validation and architectural research and design. This column discusses formal trust as a general concept, including how it relates not only to input validation, but also to topics such as working with external data resources (including users), building client-server applications (both web-based and not), and most importantly, authentication.

The first thing to keep in mind about formal trust is that it barely resembles the personal act of trusting (such as,. the “Can I trust my friend Bob?” idea). Formal trust is usually a calculation based on existing policies and on informed opinion about the implementation environment and relevant architecture in which an application is intended to execute. When a security analyst calculates the formal trust relationships for a given application implementation, she examines the requirements of the policy and existing procedure, compares these resources to the facilities provided by the data and other supporting resources, and makes implementation and design decisions based on how closely the resources match the policy.

Perhaps a more approachable way to think of the process of calculating formal trust is comparing it to a hiring process. Candidates must be appropriate to the position that is open, but beyond reading their resumes, it is still necessary to do background checks, interview them, and perhaps test them. You usually do this whether or not you personally think that candidates are trustworthy. You do it both because your HR policy states proper procedure for hiring someone to fill the role you need to fill and because you cannot afford to take chances. In no way is the standard way your company hires resources meant to be a personal criticism of a candidate; it is just the way the policy says it must be done.

(continue reading…)

It’s been said that the internet is a global community made of all the users on the network. Like any community, there are businesses conducting commerce, individuals going about their daily lives, and even a few bad actors. But unlike our physical communities, there are no police cars roaming the neighbourhoods looking for these bad actors. There aren’t even boundaries that help law enforcement activities. At the end of the day, this global community without boundaries means that every enterprise has to be on the lookout for not just the security of their own systems, but also the security of the community as a whole.

This is obviously a difficult situation. It’s hard enough to secure your own systems or websites ; being on the lookout for the entire internet is an impossible situation. Further, it is outside the commonly accepted mission of most IT security departments to be accountable for security beyond the network boundaries. So, how do you balance the need to be a good security citizen with the need to minimise operational costs and maximise the assurance of your systems?

Passive mechanisms (continue reading…)

Port 80 and 443 are wide open — do you know who’s logged into your applications?

So, you have protected your perimeter by placing Intrusion Detection Systems, Firewalls, Anti-Virus, and other tools in your DMZ and internal network. Are you truly secure? Although network security is an important step toward a strong security posture, it’s not nearly enough. It’s like locking all the doors but putting the key under a transparent mat. Over 75% of attacks are occurring through Ports 80 and 443 (SSL), which are wide open.

The Problem

(continue reading…)