
Foundstone Services

Foundstone Services is an independent consulting division of McAfee. Our team consists of world-class consultants with decades of real-world experience in managing risk, preventing attacks, and building successful security programs. Our comprehensive services and training courses help organizations prepare to combat emerging online threats and defend valuable assets.


More from Foundstone Services

Enterprise

Setting Up Automated Scanning of Apps Using Custom Authentication, Part 2

This blog was written by Sarvesh Pandey. Automated security scanning has always been a challenge for applications that implement custom authentication mechanisms. Have you ever come across a scenario in which automated tools have failed to scan an application because of an authentication failure? Most automated scanners replay login requests ...

Enterprise

Setting Up Automated Scanning of Apps Using Custom Authentication, Part 1

This blog was written by Sarvesh Pandey. Automated security scanning has always been a challenge for applications that implement custom authentication mechanisms. Have you ever come across a scenario in which automated tools have failed to scan an application because of an authentication failure? Most automated scanners replay login requests ...

Enterprise

Cyber Insurance – an essential part of risk mitigation strategy?

Blog post by Hugh Deura. The advancement of technology is rapidly driving the proliferation of the threat landscape, which extends attack vectors. With the proliferation of automated tools available to cyber criminals, it’s not a matter of “if” but “when” there will be a security breach. There are two types of organizations in this ...

Enterprise

Tips for Securing SSL Renegotiation

A number of Internet connections require SSL renegotiation, a Secure Sockets Layer/Transport Layer Security process that allows the changing of the details of a handshake after a connection is made with the server. Renegotiation is required when no client-server authentication is initially required while making an SSL connection but is ...

McAfee Labs

Setting Up HTTPS for Google App Engine Applications

Thursday, we posted advice on creating a custom domain name for an application developed with Google’s App Engine. In this post, we will learn how to add SSL support and force the App Engine application to use only SSL. Start by obtaining an SSL certificate for your domain from an ...

McAfee Labs

Creating a Custom Domain Name with a Google App Engine Application

Google’s App Engine is a Platform as a Service (PaaS) for developers that provides features and frameworks to quickly and easily build scalable web applications. Developers can create applications and deploy them to the App Engine. When a web application is created using the App Engine, the application is assigned ...

Enterprise

Security Best Practices for Azure App Service Web Apps, Part 5

Microsoft’s Azure App Service is a fully managed platform as a service for developers that provides features and frameworks to quickly and easily build apps for any platform and any device. Despite the ease of using Azure, developers need to keep security in mind because Azure will not take care of every ...

Enterprise

Efficient Application Testing With Burp’s Cookie Jar

This blog was written by Sarvesh Pandey. Testing web applications for security flaws is sometimes difficult due to the peculiar behaviors of applications. One curious behavior is an application that modifies and validates cookies on a per-request basis—that is, every new request sent to the application must contain the valid ...

McAfee Labs

Security Best Practices for Azure App Service Web Apps, Part 4

Microsoft’s Azure App Service is a fully managed Platform as a Service for developers that provides features and frameworks to quickly and easily build apps for any platform and any device. In spite of its ease of use, developers still need to keep security in mind because Azure will not take care ...

Enterprise

Testing Race Conditions in Web Applications

This blog was written by Sarvesh Pandey. When determining black-box or gray-box application security (penetration testing), an assessor mostly concentrates on the top 10 Open Web Application Security Project vulnerabilities and rarely worries about testing race-condition issues. The general consensus is that race-condition attacks are unreliable and cannot be identified ...
