With vital data being transmitted and stored in web applications, there is a dire need for explicit security testing. Apart from maintaining the privacy of important data, security testing also involves tackling authorization and authentication issues.

As a tester, it is the most exciting form of testing. There are many interesting tools and techniques to reveal the vulnerabilities of a web application. But as fun as it may sound, it has a very serious side to it. With the use of the right security testing tools you can uncover many hidden issues that can otherwise give out sensitive information in unauthorized hands. With so many web application security testing tools available, there is always a doubt about the most suitable option. Here are some tips to choose the right security testing tool:

Simplicity of use
It is very important for a security testing tool to have complete ease of usage to save unnecessary time wastage. The tool should not be confusing and should be easy enough to be understood by first time users. The installation should be simple and the basic setup should not require too much time.

Add-ons
A web application security testing tool is incomplete without a handy set of standalone tools. Some examples can be HTTP editors, web proxy and HTTP discovery service that allows detection of live web servers on the network. These utilities are very important to perform thorough investigation. More than half of the issues are revealed by these additional utilitarian tools.

Creation of logs
Logging allows you to track the entire process from submitting the URL to packet level details. You can locate the error invoking code and can even identify the headers sent and received via the HTTP protocol.

Authentication and authorization
Security testing tools should allow you to manipulate the web application as an authenticated user. This will help you in revealing the loopholes or the sensitive areas of the application that can be easily exploited. Similarly, you should be able to adopt different authorization roles and test the application accordingly.

Handling false positives
Every testing tool generates many false positives but the right tool is the one that offers ways to control what has already been scanned or seen. When used in future, it saves lot of time and makes testing hassle free.

Testing login
Though rare, but if a web application tool provides password cracking capabilities, it can make the application very secure. This helps in testing the robustness of login mechanism. The conventional dictionary cracking methods are little limited in their scope.

Advanced features like smart scanning, multiple site scan, and internal scan query manipulation allow complete testing of the application quickly. Go for the evaluation version to see whether the tool is actually as per your requirements or not. Keep these tips in mind and choose the web application security testing tool that works well in your environment and fits your budget.

Author: Ambreen T
Article Source: EzineArticles.com
Provided by: Digital TV, HDTV, Satellite TV

In these post 9/11 days, intrusion and lack of privacy are often justified by the glib phrase “If you have nothing to hide why worry?” Yet all of us at some time or other have something to hide without being a criminal. What if you’re planning a surprise party, buying presents or arranging a secret holiday? Or perhaps you are being very naughty – hiding photos of your girlfriend from your spouse, which if not exactly nice, is not usually a crime.

The best reason of all is for personal security – ID theft is at an all time high and keeping important information secure is not that easy these days. Even if you trust your firewall, anti- spy ware, etc, what if your pc or laptop was stolen? Could you be absolutely sure that no one could read your files, or access your passwords, business accounts, salary files, and new business ideas?

What if you could hide your most cherished information so securely that it couldn’t even be detected? Well now you can, thanks to open source and it won’t even cost you a cent. All you need is a PC running Windows or Linux and the Truecrypt application.

Truecrypt is a remarkable piece of free software that can be downloaded from http://Truecrypt.org It uses the best security methods- algorithms like ES-256, Blowfish, CAST5, Serpent, Triple DES, Twofish, AES-Serpent, and AES-Twofish-Serpent. Even the source code is available to examine or alter. Don’t worry if you don’t know what these names mean; they are all well established and verified means of encrypting data. You can find out more about them on the Truecrypt website or use Google.

There is a very dodgy practice in security- known as “security through obscurity” that works by not revealing how the secured data is stored. It relies on that secrecy to protect your data. This is snake oil. Many programmers think they can write their own encryption algorithms and sell them but it is actually pretty hard to develop robust and secure algorithms. It’s considered far better to use tried and tested methods and keep your passwords secret. That’s what Truecrypt does. There is nothing wrong with hiding the files as well but you should not rely on keeping files hidden as your only means of protection.

Truecrypt is excellent at disguising its encrypted files. It doesn’t use any special type of file so the presence of a Truecrypt file cannot be easily spotted. It is possible to detect that you have used Truecrypt on a Windows PC by looking in the registry but those registry keys can be found and removed if you are really security conscious and know how to use regedit.

In Windows Explorer if you see a file ending in .txt, it is usually a text file, just as .xls is an excel file, .doc is for word etc. With a file named kernel.sys, you might think it is part of Windows. But it could equally be a Truecrypt file. Examining the bytes in a Truecrypt file with a hex editor will not reveal what the file contains or even identify it as a Truecrypt file. You’ll just see random byte values. The whole file is encrypted and only your password can decrypt it. As your password isn’t stored anywhere that means if you forget it, the data is irretrievably lost. There is no back door or recovery utility that you can use.

Unusually for software of this complexity, Truecrypt is very easy to use. It can make use of a file, an entire disk or even a USB drive to hold encrypted files. My preference is to use a file, as it’s easy to make backup copies.

Each Truecrypt file or drive is actually a “volume”, similar to a root folder that holds other files and folders. Each ‘volume’ has to be prepared once- just enter a password and it is filled with random data in a few minutes. “Volume” files can be pretty small – a few hundred kilobytes or very large- up to gigabytes. The overall size obviously depends on what you want to hold in it but as a general rule, keep it as small as you can- certainly don’t make it very big “just in case”. Big files stick out like a sore thumb. Certainly avoid using file extensions that are easy to check. You might be tempted to hide a Truecrypt file in a folder full of large spreadsheets. But Excel would not be able to load your file and that might be a clue.

The Windows folder for instance is full of large files such as win32.fts, a 16 megabyte file that is part of the Windows XP help system. Do you know how to use an fts file? I certainly don’t. So creating a Truecrypt file with an fts extension in the Windows folder is one place to hide files.

Once a file has been prepared, it just needs mounting to make it usable. Select the file, choose the drive letter it will use and enter your password. One second later you’ll have a new drive show up in Windows Explorer. This drive can be reformatted, compressed and used just like a real disk. You can copy your files on to it or work directly on it- it’s as fast as a normal disk and just as safe. How do I know? I’ve used one for over a year and have never lost any data.

Certain countries have laws – the U.K. for instance, that can force you to reveal your passwords to authority if they demand it. If you don’t, you may go to jail. However Truecrypt can provide “plausible deniability”. You can store a secret volume within a Truecrypt volume using a second password. If the first password is used, only the files in the visible part are revealed and you can claim that you have complied with the law. Unless the secret volume takes up a large amount of space, like finding a hidden room in a house, it will be impossible to detect if a secret volume is present.

Using Truecrypt is of course no excuse to avoid the usual security processes like firewalls and anti-virus. Neglect those and you might end up with a key logger on your PC that would record everything you did including your passwords.

I’ve used Truecrypt to secure a large list of website usernames and passwords. It has proved to be extremely robust and reliable. If you’ve got personal data that must be kept private – Truecrypt is one of the best ways to do it. Just don’t forget your password!

Author: David Bolton
Article Source: EzineArticles.com
Provided by: Cellphone news

Introduction
Google, the world’s premier Search Engine Company have announced the development of a new operating system labeled Google Chrome.

The company unveiled plans to develop the new system on the 7th of July. Google has now officially made clear their intentions of directly competing with Microsoft in the Operating System market.

Chrome is listed as being a Linux derivative and will be free to use. It will first be launched with netbooks, with a mid-2010 release schedule.

Manufacturers working with Google include:

Acer
Adobe
ASUS
Freescale
Hewlett-Packard
Lenovo
Qualcomm
Texas Instruments
Toshiba

The graphical design is based on the Google Chrome browser, launched 9 months ago, and is being developed as a lightweight operating system with the Internet as its primary priority.

Chrome is focused on consumers who place a lot of emphasis on using the Internet.

Security & Privacy
Google has claimed that the security built into Chrome will shift from the dependence upon Security updates, and that Chrome users won’t have to deal with virus and malware infections. They claim that it will just work!

Their bold claims however remain to be seen. It’s foreseeable that for the time being no computer system can be completely impervious to security problems.

Some individuals have also questioned their privacy and the protection of personal information by Google. We should bear in mind, however, that similar concerns have been raised about other companies that operate in this field.

A Brief History of Google
The Google Search Engine was started in 1996 as a research project by Larry Page, latterly joined by Sergey Brin. Together they devised an algorithm with which to rank websites according to relevancy in Internet searches.

In 2000, the advertising product AdWords was launched. AdWords enabled businesses to purchase keywords for small adverts which could be placed alongside search results.

2004 saw the birth of Google Earth, the result of an acquisition of Keyhole, Inc who pioneered the initial software.

In 2006 Google bought online video repository YouTube.

Since it’s small beginnings Google have continued to offer more services, like iGoogle, GMail, Google News, Talk!, Picasa, AdSense and many more products.

FAQ’s
Q. What is Google Chrome Browser?
A. Chrome Browser is Google’s answer to competing web browsers such as Internet Explorer, Mozilla Firefox, and Opera.

Q. What is Linux?
A. Linux was developed to be a free alternative to the once widely used commercial UNIX operating system, and is now also competing with Microsoft. In 1991, Linus Torvalds began work on the Linux Kernel (The ‘brain’ of a computer’s control software).

Q. What are Netbooks?
A. A netbook is a low-cost type of laptop computer designed mainly for wireless communication and access to the Internet.

Conclusion
Expect to hear more news about the development of Chrome OS later this year, we’re waiting with anticipation to see what Google’s’ offering will bring.

Author: Richard P Harrison
Article Source: EzineArticles.com
Provided by: Latest trends in mobile phone

PHP stands for Hypertext Preprocessor. It is a popular and most used programming language for website development. After its release in 1995, a number of web applications were made on PHP. This scripting language is a powerful tool for designing dynamic web pages. The language is widely used for web development and can be easily embedded into HTML code. Major operating systems such as Linux, Microsoft Windows, Mac OS X etc., support PHP language. PHP is most commonly used in server side scripting, command line interfaces and desktop applications. Various databases like Oracle, Sybase, generic ODBC (Open Database Connection), MySQL etc., are supported by PHP. It also includes external libraries to generate PDF documents and parsing XML. Because of being an open source language, it is used by a large number of developers, can be easily downloaded, saves time and is cost effective. The time needed to process and load a webpage made on PHP is also comparatively low. Due to its versatility, PHP development is growing at a faster speed and gaining popularity worldwide. PHP’s main benefit is that it is totally free for website programming development and no investment is required for beginning in web development cycle. Various other advantages of PHP web development are:

The aforesaid benefits along with numerous others have made PHP an ideal solution for businesses to use it as a tool for their web-based applications. PHP offers better performance, versatility, reliability, faster speed and efficiency as compared to other programming languages, which makes it popular among web developers. Being free (as it is an open-source software), fast (as it can be easily embedded into HTML) and having the capability to build application compatible with any type of browser, PHP continues to grow rapidly and is being used on 24% of the sites on the Internet. Only a few languages can come close to deliver what PHP can offer.