Bryan Sullivan
Bryan Sullivan is a development manager at SPI Dynamics, a Web application security products company. Bryan manages the DevInspect and QAInspect Web security products, which help programmers maintain application security throughout the development and testing process. He has a bachelor's degree in mathematics from Georgia Tech and 12 years of experience in the information technology industry. Bryan is currently coauthoring a book with noted security expert Billy Hoffman on Ajax security, which will be published in summer 2007 by Addison-Wesley.
Articles by this Author
» Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot
Published 01/10/2007 | Security, Web Development, Web Services
A brute force attack, also known as a dictionary attack, is one of the more uncomplicated attacks available to a hacker. However, the odds of this type of attack succeeding can be very high if a site is not configured properly. Learn more about what can be done to defend a site against a brute force attack - including implementing incremental delays and carefully wording error messages - and which defensive strategies don't work.
» Malicious Code Injection: It’s Not Just for SQL Anymore
Published 11/11/2006 | XML, Security, Web Development
While many developers are aware of the threats posed by malicious code, and by SQL injection attacks in particular, there are other forms of code injection that are equally dangerous. Learn more about XPath injection, LDAP injection, and command execution injection and view examples of each type of attack. In addition, learn why many preventative actions that are commonly suggested to developers are not helpful, and discover how the creation of whitelists and blacklists can help to protect an application from malicious code injection attacks.
This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company.
» Testing for Security in the Age of Ajax Programming
Published 10/13/2006 | SQL Server, Security, Web Development, Web Services
Ajax programming, which allows a web page to refresh a small portion of its data from a web server, is an exciting technology that has recently been introduced. However, this type of programming can also leave applications open to SQL injection and similar attacks. It is important for the developer to test the application thoroughly for vulnerabilities before passing it on to the QA department. And the QA engineer needs to learn to "think like a hacker." Learn more about securing your website's Ajax programming.
» Application Error Handling: How to Avoid Death by a Thousand Cuts
Published 09/01/2006 | Security, Web Development, Web Services
Conscientious developers often want to help the end user when an application error occurs by creating a message to be displayed that contains detailed information. However, if developers are overly helpful with their error handling approach, they can wind up giving up critical information to an attacker. Learn about the best practices that should be followed when creating error messages, including important guidelines that should be taken into consideration.
» Beyond Stored Procedures: Defense-in-Depth Against SQL Injection
Published 07/17/2006 | Deployment, Security, Web Development, ASP.NET, Mobile Devices, Web Services
Unless you are certain that you have taken the right steps to counter SQL Injection attacks, you may be more vulnerable than you think.