Do you mind confidentiality?

Storing passwords in clear text Recently I discovered that a lot of commercial web software does not apply the right security measures regarding the protection of passwords. The software is sold and provided as a secure solution that suits a certain business need quite well. However, storing plain text passwords within a database table is [...]

Oracle’s new security product

WAF goes Oracle Oracle released its new security product, a firewall for SQL queries. At the moment I have had no time to review the product myself, but I am quite sure it is just like a normal web application firewall. It costs money, pretends to tighten the security level and is sold as THE solution [...]

Physical security done wrong

Easy access to your mailbox This image was taken while performing a physical security assessment and shows the vulnerability of a stuffed mailbox. This mailbox has not been emptied in a while and can easily be accessed by outsiders. It was not even necessary to pick locks. Insecure key switch The following image displays [...]

Burp Suite

An Introduction to Web Application Security Web Applications today More and more companies are starting to use web applications. Years ago, no one thought that a company like Google would become the world leader in search engines, email, online sharing of digital media and lots more. Today there are thousands of corporations who maintain web applications, [...]

PHP require once – parameter validation

gCMS Content Management System The gCMS Content Management System is a simple but powerful CMS for corporate sites, homepages and others. At least if you ask the coders of the alpha release. The application is no longer active, therefore there is no reason not to use the source as an example to show you how to [...]

Skype uses html to render dialogs…

The latest Linux version of Skype 2.1.0.81 has a different way to search history logs than the latest Windows version of Skype. The normal search in Skype (Linux). Can be customized with HTML input. Render a whole site inside the search dialog. Considerations regarding security This issue is more a bug than something else, but [...]

SQL Injections everywhere!

Proper input validation A lot of web applications have simple or more complex web forms to enter data, search for something or buy just anything for yourself or a friend. Also, a lot of developers secure those input fields and validate and/or sanitize the values. This is a must-have these days, when everyone familiar [...]

The HTML rendering engine of Java strikes again

Update: This also works with the latest patch set 19, but only if the form tag is not closed! I already wrote about the nice HTML rendering engine from Java. Today I found out that the engine produces a ClassCastException on Microsoft Windows operating systems. I verified the bug with JRE 1.6 patch set 17 [...]

10 Things you shouldn’t do at work

There are several things you normally shouldn’t do at work, like drinking or doing private stuff, but the following points are closely linked to information security and awareness. You should never… Leave the workspace unattended or unlocked. Leave confidential printouts on your desk while you’re not in the office. Talk about work issues while [...]

Java HTML Rendering Engine

There is a nice feature within Java that enables you to format labels with HTML tags. Although there are some restrictions, a developer can do a lot of interesting things with it. You could for instance do one of the following things: Format labels (multi-line labels, bold, italic, …) Format tooltips Render web [...]