Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
SYS-CON.TV
Top Links You Must Click On


CORRECTING and REPLACING Zscaler Uncovers Security Vulnerabilities in ESPN ScoreCenter Mobile App

Please replace the release with the following corrected version due to multiple revisions.

The corrected release reads:

ZSCALER UNCOVERS SECURITY VULNERABILITIES IN ESPN SCORECENTER MOBILE APP

Security Risks Present in ESPN ScoreCenter Highlight More Widespread Security Problems With Mobile Apps

Zscaler®, the leading provider of Security Cloud services for the mobile, social, everywhere enterprise, today revealed that ESPN ScoreCenter, one of the most popular mobile sports apps on the market, has significant security vulnerabilities that could compromise users’ mobile devices, including the threat of data theft. See this blog post for more background information: http://research.zscaler.com/2013/01/mobile-app-wall-of-shame-espn.html. The flaws were unearthed using Zscaler Application Profiler (ZAP), the free online tool that makes it easy to assess mobile apps for security risks. ESPN said it is looking into the vulnerabilities in the ScoreCenter app.

The security vulnerabilities with the ESPN ScoreCenter app highlight a growing security problem as mobile apps proliferate and basic security measures are overlooked in the development process.

“It’s important to remember that many mobile apps are not native applications—they’re essentially web pages displayed in a WebView control, or even just web content mixed in with native controls,” said Michael Sutton, VP, Security Research, Zscaler ThreatLabZ. “As such, vulnerabilities common to web applications can also occur in mobile apps. Users should be aware that such vulnerabilities in mobile apps often remain hidden, as apps don’t have the same visual indicators to show that data is being sent insecurely.”

First, by displaying basic web content without properly sanitizing user-supplied input, ESPN ScoreCenter exposes a cross-site scripting (XSS) flaw. Therefore, active content such as JavaScript can be injected into the app. Second, ESPN ScoreCenter passes authentication credentials in clear text when an account is first created. By sending the password in clear text, ESPN ScoreCenter enables anyone sniffing traffic on the network to easily steal that key piece of information.

The flaws were discovered using ZAP, Zscaler’s Application Profiler. ZAP is an easy to use, free online tool where users can search the name of any iOS or Android app, and receive an instant assessment of its security and privacy risks, along with an overall risk score. Users can also use ZAP to scan traffic from an app installed on their device to see whether their own data is being exposed. No security expertise is needed to use ZAP. As more users submit mobile apps for analysis, Zscaler’s ThreatLabZ team adds the results to the ZAP database, in effect crowdsourcing the security profiles of thousands of mobile apps.

About Zscaler

Zscaler is transforming enterprise security with the world’s largest security cloud built from the ground up to safely enable users doing business beyond the corporate network. Zscaler’s security cloud processes over 8 billion transactions a day with near-zero latency to instantly secure over 10 million users in 180 countries, with no hardware or software required. More than 3,500 global enterprises are using Zscaler today to simplify their IT operations, consolidate point security products, and securely enable their business for mobility, cloud and social media. For more information, visit us at www.zscaler.com.

Zscaler® and the Zscaler Logo are trademarks of Zscaler, Inc.

All other trademarks are the property of their respective firms.

About Business Wire
Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Enterprise Open Source Magazine Latest Stories . . .
The Log Shipper Poll results are in! We run Logsene here at Sematext, so we wanted to know what people like to use to ship their logs. Before we share the results, a few words about the poll: We published it here on our blog on September 22, 2014 We automatically tweeted it and p...
"Our premise is Docker is not enough. That's not a bad thing - we actually love Docker. At ActiveState all our products are based on open source technology and Docker is an up-and-coming piece of open source technology," explained Bart Copeland, President & CEO of ActiveState Software,...
Apache Spark is an open-source, large-scale data processing engine built on top of the Hadoop Distributed File System (HDFS) and enables applications in Hadoop clusters to run up to 100x faster in memory, and 10x faster even when running on disk.  So it’s not surprising the usage of Sp...

I once said on stage at Glue that the reason I loved node.js was, quite frankly, that it's a language and with a programming language you can do, well, anything.

But like most things just because you can, doesn't always mean you

OSCON – O'Reilly Open Source Convention – taking place July 20–24, 2015, in Portland, Oregon, is where all of the pieces come together: developers, innovators, businesspeople, and investors. In the early days, this trailblazing O'Reilly event was focused on changing mainstream business...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021




SYS-CON Featured Whitepapers
ADS BY GOOGLE