Foundstone Services

Foundstone Services is an independent consulting division of McAfee. Our team consists of world-class consultants with decades of real-world experience in managing risk, preventing attacks, and building successful security programs. Our comprehensive services and training courses help organizations prepare to combat emerging online threats and defend valuable assets.
This blog was written by Sarvesh Pandey. Automated security scanning has always been a challenge for applications that implement custom authentication mechanisms. Have you ever come across a scenario in which automated tools have failed to scan an application because of an authentication failure? Most automated scanners replay login requests to authenticate when a session ...
A number of Internet connections require SSL renegotiation, a Secure Sockets Layer/Transport Layer Security process that allows the details of a handshake to be changed after a connection to the server has already been established. Renegotiation is needed when client-server authentication is not required when the SSL connection is first made but becomes required later. Thus instead of ...
Thursday, we posted advice on creating a custom domain name for an application developed with Google’s App Engine. In this post, we will learn how to add SSL support and force the App Engine application to use only SSL. Start by obtaining an SSL certificate for your domain from an authorized certificate authority. Consider following ...
This blog was written by Sarvesh Pandey. Testing web applications for security flaws is sometimes difficult due to the peculiar behaviors of applications. One curious behavior is an application that modifies and validates cookies on a per-request basis—that is, every new request sent to the application must contain the valid cookie sent in the previous ...
This blog was written by Sarvesh Pandey. When performing black-box or gray-box application security assessments (penetration testing), an assessor mostly concentrates on the Open Web Application Security Project Top 10 vulnerabilities and rarely worries about testing for race-condition issues. The general consensus is that race-condition attacks are unreliable and cannot be identified using the black-box/gray-box approach. Consultants ...