AppSec (Application Security) Knowledge Base

Application Security Information and Resources

The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics, from Web application security to information and network security solutions to mobile and Internet security solutions.

Software Code Security The key to achieving superior software code security is to find a solution that can review large amounts of code as needed, in order to meet development timelines. Learn More

SQL Injection SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Learn More

Cross-site Scripting XSS vulnerabilities target scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. Learn More

Cross-site Request Forgery Cross-Site Request Forgery (CSRF) is a malicious attack that tricks the user’s Web browser into performing undesired actions that appear to come from an authorized user. Learn More

LDAP Injection LDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first stripping potentially harmful characters from the request. Learn More

CRLF Injection CRLF refers to the special character elements "Carriage Return" and "Line Feed". Exploits occur when an attacker is able to inject a CRLF sequence into an HTTP stream. Learn More

Code Review Tools Code review is an examination of computer source code. A Code Review Tool finds and fixes mistakes introduced into an application in the development phase, improving both the overall quality of software and the developers' skills. Learn More

Vulnerability Assessment Veracode's vulnerability assessment tools help users eradicate vulnerabilities. Learn More

Cyber Security Many companies and countries understand that cyber threat is one of the most serious economic security challenges they face and that their economic prosperity depends on cyber security. Learn More

Malicious Code Analysis Tools are designed to uncover any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Learn More

Internet Security is critical for online applications because the Web and Internet applications must be available 24 hours a day, 7 days a week. Learn More

Software Security By testing for flaws in software, security testing solutions seek to remove vulnerabilities before software is purchased or deployed — and before the flaws can be exploited. Learn More

Penetration Testing Penetration Testing tools are used as part of a penetration test to automate certain tasks, improve testing efficiency, and discover issues that might be difficult to find using manual analysis techniques alone. Learn More

Vulnerability Scanner Vulnerability scanning offers a way to find application backdoors, malicious code, and other threats that may exist in purchased software or applications developed internally. Learn More

Flash Security Flash has a long record of critical security updates aimed at patching flash vulnerabilities and flash malware, but these issues continue to surface as more flash security issues are discovered. Learn More

Ruby Security Just like security applications with other frameworks, securing Ruby apps requires a mix of utilizing best practices in coding along with correctly using helper methods that are provided to help protect against certain types of attacks. Learn More

Rootkit A rootkit is a computer program designed to provide privileged access to a computer while actively hiding its presence. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. Learn More

Malware Malware is short for “malicious software”: hostile applications that are created with the express intent to damage or disable mobile devices, computers or network servers. Malware’s objectives can include disrupting computing or communication operations, stealing sensitive data, accessing private networks, or hijacking systems to exploit their resources. Learn More

Software Testing Tools As the enterprise network has become more secure, attackers have turned their attention to the application layer, which, according to Gartner, now contains 90 percent of all vulnerabilities. To protect the enterprise, security administrators must perform detailed software testing and code analysis when developing or buying software. Learn More

Application Testing Tool Application testing is an important part of securing your enterprise. By identifying vulnerability in software before it is deployed or purchased, Web application testing tools help ward off threats and the negative impact they can have on competitiveness and profits. Learn More

Facebook Security User's guide to Facebook Application Security. Get tips to protect your Facebook account from security flaws. Learn More

Insecure Cryptographic Storage Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely, including against internal users. Learn More

Application Vulnerability Applications are the weak link in your data protection strategy. Don't allow attackers to gain access to confidential information through vulnerabilities in your applications. Learn More

Software Development Lifecycle (SDLC) A Software Development Life Cycle (SDLC) is a series of steps, or stages, that provide a model for the development and lifecycle management of an application or piece of software. Learn More

Keylogger Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (keys pressed) of a keyboard. Keyloggers are a form of spyware where the user of the computer is unaware their actions are being tracked. Learn More

Vulnerability Management Vulnerability management can be defined as “the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.” Organizations use vulnerability management to preemptively defend against the exploitation of vulnerabilities in company applications, software, and networks. Learn More

Computer Worm Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Learn More

Spoofing Attack A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware, or bypass access controls. Learn More

Man in the Middle Attack A Man-in-the-Middle attack is a type of cyber attack in which a malicious actor inserts themselves into a conversation between two parties, impersonates both parties, and gains access to information that the two parties were trying to send to each other. Learn More

Wireless Sniffer A wireless sniffer is a type of packet analyzer. A packet analyzer (also known as a packet sniffer) is a piece of software or hardware designed to intercept data as it is transmitted over a network and decode the data into a format that is readable for humans. Learn More

Linux Hacking Linux is an open source operating system for computers. Linux is a Unix-like operating system, meaning that it supports multitasking and multi-user operation. Linux is widely used for supercomputers, mainframe computers, and servers. Learn More

Ethical Hacking Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the eyes of the beholder. When examining the root cause of a website hack or application exploit, it pays to follow the money. Learn More

Firewall Security The term firewall originated to describe a building wall that offers physical protection from damaging fire. Firewall security technology, first introduced to computer networks in the late 1980s, protects private networks by securing gateway servers to external networks like the internet. Learn More

Botnet A botnet is a network of compromised computers under the control of a malicious actor. Each individual device in a botnet is referred to as a bot. A bot is formed when a computer gets infected with malware that enables third-party control. Learn More

Directory Traversal Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Learn More

Data Security Resources
Data Breach Survival Guide
Ultimate Data Security Guide
Guide to Data Loss Prevention