January 06, 2014 Added by:Rohit Sethi
The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.
December 02, 2013 Added by:Rohit Sethi
Ponemon Institute and Security Innovation recently made public the results of a research study they did to get an idea of the state of application security across organizations.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
November 12, 2013 Added by:Rohit Sethi
Businesses often ask for guidance on whether they need to do a manual penetration test for a specific application or if automated testing suffices. Here I try to briefly describe some of the advantages and disadvantages of each method and explain our preferred approach.
October 30, 2013 Added by:Kyle Adams
While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.
October 17, 2013 Added by:Rohit Sethi
Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.
September 25, 2013 Added by:InfoSec Institute
Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.
September 11, 2013 Added by:Rohit Sethi
Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.
August 30, 2013 Added by:Rohit Sethi
A one-sized fits all approach to Software Development Life Cycle (SDLC) security doesn’t work. Practitioners often find that development teams all have different processes – many seem they are special snowflakes, rejecting a single SDLC security program.
August 08, 2013 Added by:Jon Stout
he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.
July 31, 2013 Added by:Jon Stout
The country is at war and it is a cyber security war. The enemies are many, diverse and competent and fighting a defensive war is not the best way to win. Cyber security war is like any other war- taking the offensive will improve your chances of success. Like any other war, the cyber security war requires proper planning for success and a total winning strategy. Half hearted measures will not ...
July 30, 2013 Added by:Jon Stout
You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes even incumbents are suddenly “on the bench” or “between projects” or “on overhead” . You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.
July 23, 2013 Added by:Dan Kuykendall
Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.
June 24, 2013 Added by:Larry Karisny
Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.
Compliance and Security Trends... akikah tangerang on 09-19-2014
Carberp Botnet Lifecycle Infographic... akikah tangerang on 09-19-2014
The Benefits of FUD... akikah tangerang on 09-19-2014