Hyperguarding your Web Applications

Weekly Industry Round-up, Week of 5/24

Posted by hyperguard on May 28, 2010

Cloud Computing Basics: Planning and Understanding a Cloud Strategy
This article by John Weathington argues that there is still a lot of confusion about what the cloud is, and that there shouldn’t be. For midmarket companies, cloud services are simply a way to outsource issues to a third party on a pay-as-you-use engagement model. However, companies are concerned about cloud security because any time you trust a third party, you run risks. There will be some cases, particularly when data privacy is a concern, where the risks may outweigh the potential benefits. John suggests looking at some low-risk/high-value cloud plays, like collaboration, as a starting point and building from there. Once you understand how to make your cloud strategy work for you, you might actually find you’re a cloud computing enthusiast.

Dark Reading…
Anti-Clickjacking Defenses ‘Busted’ In Top Websites
New research from Stanford University and Carnegie Mellon University’s Silicon Valley campus found that frame-busting, a popular technique that basically stops a website from operating when it’s loaded inside a frame, does not prevent clickjacking. Clickjacking attacks use malicious iframes inserted into a Web page to hijack a user’s Web session. The researchers used a security feature in the Internet Explorer and Google Chrome browsers to demonstrate clickjacking attacks against the websites’ frame-busting methods. The cross-site scripting (XSS) filter in those browsers is tricked into seeing frame-busting as an XSS attack: the frame-busting script is tacked onto the URL, the filter sees content from the URL appearing in the Web page and attempts to block it, and so it blocks the frame-busting script from executing.
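
As an added example (not from the original post or the research it summarizes), this response audit flags pages whose only framing defense is frame-busting script, the defense the paragraph above describes being blocked. It assumes the browser-enforced `X-Frame-Options` and CSP `frame-ancestors` headers as the alternative, which the post does not mention; the function names and sample responses are constructed.

```javascript
// Added example: classify how an HTTP response defends against being framed.
// The headers are real; the sample pages at the bottom are constructed.
const BUSTER_PATTERNS = [
  /\btop\s*!==?\s*(self|window)\b/,   // if (top != self) ...
  /\b(self|window)\s*!==?\s*top\b/,   // if (self !== top) ...
  /\btop\.location(\.href)?\s*=[^=]/, // top.location = self.location
];

// Return the browser-enforced framing policy, or null if there is none.
function headerPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") return "X-Frame-Options: " + xfo;
  // CSP directives are ';'-separated: directive name, then its sources.
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors" &&
        sources.length > 0 && !sources.includes("*")) {
      return "CSP frame-ancestors " + sources.join(" ");
    }
  }
  return null;
}

function auditFramingDefense(headers, body) {
  const policy = headerPolicy(headers);
  const hasBuster = BUSTER_PATTERNS.some((re) => re.test(body));
  if (policy) return { verdict: "header-enforced", policy, hasBuster };
  // Script-only defenses fail whenever the script is kept from running.
  if (hasBuster) return { verdict: "script-only", policy, hasBuster };
  return { verdict: "none", policy, hasBuster };
}

// Constructed sample responses.
const BUSTER = "<script>if (top != self) { top.location = self.location; }</script>";
const SAMPLES = [
  [{ "Content-Type": "text/html" }, BUSTER],
  [{ "x-frame-options": "sameorigin" }, BUSTER],
  [{ "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" }, "<p>hi</p>"],
  [{ "Content-Security-Policy": "frame-ancestors *" }, "<p>hi</p>"],
];
for (const [headers, body] of SAMPLES) {
  console.log(auditFramingDefense(headers, body).verdict);
}
```

A `script-only` verdict marks the pages to prioritize: their protection depends entirely on the frame-busting script being allowed to run.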

PCI Tokenization Guidance Could Benefit Payment Processors
The Payment Card Industry Security Standards Council (PCI SSC) is expected to release guidance later this year on the use of tokens to replace credit card data. This move could benefit some payment processors that sell technologies using encryption and tokenization to eliminate sensitive card information from merchant systems. According to Bob Russo, general manager of the PCI SSC, there won’t be any major changes to the data security standards (PCI DSS), but guidance documents are being developed to help merchants decide whether investing in encryption or PCI tokenization technologies is a good move.

