Tuesday, August 30, 2011

Google Code University - Learn Application Security fundamentals

Google Code University publishes many online materials from which you can learn about programming and application security. Topics include programming languages, web programming, web security, databases, Linux, etc.

They have also released many tools in this area, the latest being a web application named Gruyere. This is similar to OWASP WebGoat or Mutillidae.

The tool shows how web application vulnerabilities can be exploited and how to defend against these attacks. Some of the vulnerabilities that you will be exposed to include Cross-Site Scripting (XSS), Cross-Site Request Forgery (XSRF), Cookie Manipulation, Cross-Site Script Inclusion (XSSI), Path Traversal, Denial of Service, Configuration Vulnerabilities, and specific vulnerabilities affecting AJAX.

It is a great tool to learn application security.

Links:

Google Code University: http://code.google.com/edu/


Monday, August 29, 2011

A Guide to Facebook Security

Last week Facebook released a document titled "A Guide to Facebook Security".

It is a must-read for every Facebook user. It lists some essential tools that help protect your account against various threats.

Some of the items detailed in the document include:
  
  • How to protect your account
  • How to avoid the scammers
  • How to enable advanced security settings
  • How to recover a hacked account
  • How to stop imposters

Here are the top tips to protect your accounts.

  • Only Friend people you know.
  • Create a good password and use it only for Facebook.
  • Don’t share your password.
  • Change your password on a regular basis.
  • Share your personal information only with people and companies that need it.
  • Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.
  • Use a one-time password when using someone else’s computer.
  • Log out of Facebook after using someone else’s computer.
  • Use secure browsing whenever possible.
  • Only download Apps from sites you trust.
  • Keep your anti-virus software updated.
  • Keep your browser and other applications up to date.
  • Don’t paste script (code) in your browser address bar.
  • Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.
  • Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.
  • Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

The document link is below:

https://www.facebook.com/safety/attachment/Guide%20to%20Facebook%20Security.pdf