Posts Tagged ‘authentication’

What to Log for Authentication and Access Control

Authentication and access control play a critical role in web application security. For logging purposes, all authentication and access control events should be logged, including but not limited to successes and failures. If we log only the successful events, someone may brute-force the passwords without any detection or notice. On the […]


Security risk assessment process and countermeasures

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

The following are the common steps that should be taken to perform a security risk assessment. These are basic common steps that should not be followed as-is but modified based on the organization's assessment scope and business requirements. • Identify the […]


Email and Security

As we know, it is possible to spoof an email sender’s name, so the question of how to authenticate the sender has become even more important, since email is used to send sensitive information. In the recent case of Gov. Sarah Palin’s email, her email account got hacked and the hacker posted the […]


Access control fraud and countermeasures

These days, access to the internet is a business requirement. Most businesses sell their products and services on the internet, which sometimes requires customers to have access to critical assets such as applications and databases. The global growth of the internet has increased complexity and potential risks to these assets. In some cases, […]
