egon - Application Security

Application Security
Jan. 10th, 2009 @ 06:50 pm
There have been a number of recent reports of break-ins to popular Web2.0 sites. These security measures/suggestions are something I've been talking about for some time now. Twitter broke rule one. Do you?


"SEGMENTED INTERFACES. For the love of all things holy, do not, DO NOT, DO NOT, DO NOT expose management interfaces over the internet. ..."
     http://www.matasano.com/log/1342/my-pentest-secret-password-guessing/



Update: More information http://www.codinghorror.com/blog/archives/001206.html
From: bifrosty2k
Date: January 12th, 2009 11:43 pm (UTC)
There are way too many websites that do this.
Especially ones that use Java/Tomcat.

It's really not all that hard to create a separate maintenance instance of these freaking appserver piles of shit, but nobody ever does... it's all stupid.
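One way to check the "segmented interfaces" rule on Tomcat, the app server named in the comment above. This is an added example, not code from the post or the commenter: it audits a `server.xml` and reports any Connector of a management Service that is not bound to a loopback or private address. The `server.xml` content, the Service name "Management" and the `webapps-admin` appBase are constructed assumptions; `address` is Tomcat's real Connector attribute, and a Connector without it listens on every interface.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml: the public application Service plus a second Service
# (hypothetical name "Management", hypothetical appBase) holding the admin apps.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
  <Service name="Management">
    <Connector port="9080" protocol="HTTP/1.1" address="127.0.0.1" />
    <Engine name="Management" defaultHost="localhost">
      <Host name="localhost" appBase="webapps-admin" />
    </Engine>
  </Service>
</Server>
"""

def connector_is_internal(address):
    """True only if the Connector binds to a loopback or private address."""
    if not address:
        return False          # no address attribute: listens on all interfaces
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False          # hostnames are not resolved here; treat as unverified
    # 0.0.0.0 and :: also mean "all interfaces", so reject them explicitly.
    return not ip.is_unspecified and (ip.is_loopback or ip.is_private)

def audit(server_xml, management_services):
    """Return (service, port, address) for each management-Service Connector
    that is reachable on a non-internal address."""
    findings = []
    for service in ET.fromstring(server_xml).iter("Service"):
        name = service.get("name")
        if name not in management_services:
            continue
        for conn in service.findall("Connector"):
            addr = conn.get("address")
            if not connector_is_internal(addr):
                findings.append((name, conn.get("port"), addr or "all interfaces"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SERVER_XML, {"Management"}))
```

An empty result means every management Connector is bound internally; a host firewall or security group still has to keep that address unreachable from the internet.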