Webappsec->General

98180f2c2934cab169b73cb01b6d7587

Cyber Security and Terrorism – See Something, Say Something

August 08, 2013 Added by:Jon Stout

he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.

Comments  (0)

98180f2c2934cab169b73cb01b6d7587

Cyber Security – Is Offensive Cyber Security Necessary?

July 31, 2013 Added by:Jon Stout

The country is at war and it is a cyber security war. The enemies are many, diverse and competent and fighting a defensive war is not the best way to win. Cyber security war is like any other war- taking the offensive will improve your chances of success. Like any other war, the cyber security war requires proper planning for success and a total winning strategy. Half hearted measures will not ...

Comments  (0)

98180f2c2934cab169b73cb01b6d7587

Top Secret SCI Jobs - The Value of Smaller Contractors

July 30, 2013 Added by:Jon Stout

You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes even incumbents are suddenly “on the bench” or “between projects” or “on overhead” . You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.

Comments  (0)

72462991dba2e16e1588d4af1293ae58

Why SQL Injection Still Plagues Us

July 23, 2013 Added by:Dan Kuykendall

Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Cyber Attacks the Reality, the Reason and the Resolution Part 3

June 24, 2013 Added by:Larry Karisny

Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.

Comments  (0)

Af2769c2480db78c589b811b428782b0

PHP and Application Security

June 10, 2013 Added by:Lee Mangold

The low barrier-of-entry for PHP allows inexperienced developers act like engineers and publish insecure code. These developers may be developing useful stuff, but they simply don't understand security.

Comments  (0)

4ed54e31491e9fa2405e4714670ae31f

Steps Toward Weaponizing the Android Platform

May 13, 2013 Added by:Kyle Young

In this article I will be covering ways that one can turn their Android based device into a powerful pocket sized penetration testing tool.

Comments  (2)

306708aaf995cf6a77d3083885b60907

Infographic: Keeping Web Applications Safe

May 09, 2013 Added by:Mike Lennon

Continuing the security industry trend of publishing infographics, the folks at Enterprise Strategy Group published an infographic that illustrates some of the challenges associated with web application security.

Comments  (1)

5c549756b3c0b3d5c743158a72ce3809

Do You Have a Vendor Security Check List? You Should!

May 09, 2013 Added by:Michael Fornal

A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work

May 08, 2013 Added by:Rohit Sethi

Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.

Comments  (1)

B3686baa29e6fe1c9c2e3feb0f9ebf99

Why Are We Failing at Software Security?

May 01, 2013 Added by:Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Takeaways from the 2013 Verizon Data Breach Investigations Report for Software Development Teams

April 29, 2013 Added by:Rohit Sethi

The 2013 Verizon Data Breach Investigations Report has some important data for software development teams, particularly when considering the likelihood of certain threats to your system.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Raising the Bar on Application Security Due Diligence

April 24, 2013 Added by:Rohit Sethi

Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Google: Black Hat or White Hat?

April 23, 2013 Added by:Larry Karisny

Google has a perfect opportunity to be a leader in cybersecurity. Google’s recent network -- and acquisitions and hires -- in Austin, Texas, is an opportunity to do security right the first time.

Comments  (1)

65c1700fde3e9a94cc060a7e3777287c

Protect Data Not Devices?

April 05, 2013 Added by:Simon Moffatt

As the devices becomes smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well device syncing software like Dropbox. How much data is actually specifically related to the device?

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Debunking Myths: Penetration Testing is a Waste of Time

April 04, 2013 Added by:Rohit Sethi

Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »