{"id":87,"date":"2005-04-11T00:00:00","date_gmt":"2005-04-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/04\/11\/security-its-just-a-matter-of-asking-the-right-questions\/"},"modified":"2021-12-30T11:36:29","modified_gmt":"2021-12-30T11:36:29","slug":"security-its-just-a-matter-of-asking-the-right-questions","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/04\/11\/security-its-just-a-matter-of-asking-the-right-questions\/","title":{"rendered":"Security: It&#8217;s just a matter of asking the right questions"},"content":{"rendered":"<p>For many small and midsize networks, application security can often be a grey area.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Almost all companies test for vulnerable versions (i.e., missing security patches) and default configuration files.<\/p>\n<p>Before investing any time or money in securing or verifying the security of an application, first perform a risk assessment.<\/p>\n<p>The following are areas that should be considered:<br \/>\n&#8211; Scripting;<br \/>\n&#8211; Enumeration;<br \/>\n&#8211; Passwords;<br \/>\n&#8211; Sessions;<br \/>\n&#8211; Error handling;<br \/>\n&#8211; Field variables;<br \/>\n&#8211; Code commenting;<br \/>\n&#8211; Session time-out;<br \/>\n&#8211; Session cache; and<br \/>\n&#8211; Network parameters.<\/p>\n<p>http:\/\/insight.zdnet.co.uk\/internet\/security\/0,39020457,39194163,00.htm<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-87","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/87","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=87"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/87\/revisions"}],"predecessor-version":[{"id":2574,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/87\/revisions\/2574"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=87"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=87"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=87"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}