cross site scripting

Google faces security hurdles in the enterprise

Sun, 15 Jul 2007 20:01:39 -0400

Google seems to be everywhere these days, but as the search giant moves into the enterprise, they're facing much of the same security scrutiny as those who have gone before them. Researchers at Ponemon Institute are expected to release a report today that outlines the concerns among IT professionals regarding the overall security of Google Desktop, the company's PC search utility, specifically within the confines of business operations. Their research revolves around a cross-site scripting vulnerability reported and subsequently patched by Google in February; the authors of the report say that their work underscores a growing level of concern over the company's rapidly expanding footprint in the enterprise. In a survey of more than 600 IT security specialists who indicated that they were familiar with the Google Desktop vulnerability, an overwhelming 71 percent said that they believe that the product likely harbors other security flaws. The company is trying to address security through its acquisitions of software vendors and has sponsored malware research projects such as Stopbadware.org.

For more on Google's security challenge in the enterprise:
- read all the details in this Infoworld. Article

Choosing a good application security tool

Thu, 03 Aug 2006 20:01:35 -0400

Anyone building a application knows the value of quality assurance testing. But many organizations may not realize the additional aspect of testing a new application's security power. As experts relate, today's QA teams need to bring security to the top of the agenda and make sure that new code and software development is free of SQL injection and cross-site scripting. The first step is finding the right security testing tool and an automated product is a good choice. Find out the 11 questions you need to answer before finalizing the product buy.

For more on a good application security tool:
- take a look at this article at Securityitworld.com

Firefox patches deemed "highly critical"

Thu, 27 Jul 2006 20:01:37 -0400

It's got to be a tough work week over at Mozilla as the browser maker releases 13 security patches for Firefox, eight of which are deemed "critical." And one researcher terms the entire patch update as "critical" for enterprises since two thirds of the vulnerabilities are tied to JavaScript and can let hackers initiate cross-site scripting and dump nasty code on vulnerable systems in a slew of ways.

For more on the Firefox security patches:
- see this article at InformationWeek

Security blind spot: Web applications

Wed, 19 Jul 2006 20:01:35 -0400

For all its greatness, today's Web is also the big hornet's nest in every security manager's world as Web applications pose the greatest security threat, according to a new report from Fortify Software. The problem is that people don't know as much about security when it comes to Web applications as compared to other threats. Notably, viruses, worms and other hacking malware have been the primary focus in keeping enterprise data safe. But as the report notes, bot storms pose a huge security risk to Web applications, as does cross-site scripting.

For more on the Web application security issues:
- take a look at this article at Techworld

Researcher finally gets his security warning heard

Wed, 28 Jun 2006 20:01:37 -0400

When executives and security leaders at Microsoft and Amazon were told about vulnerabilities related to the two companies' Web sites, the security warnings went unheeded and ignored. So the researcher who discovered the flaws took his message to the Web and guess what? Microsoft is working on patching the cross-site scripting vulnerability and Amazon is working to fix the bugs related to its retailing site.

For more on getting the security message across:
- read this article from IDG