Moving from Alert-Driven to Intelligence-Driven Security

January 05, 2015 Added by:Paul Lipman

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.



Pwning Networks Through Vulnerable Applications

December 08, 2014 Added by:Saurabh Harit

If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications.



“Privacy Information” Depends upon Context

December 08, 2014 Added by:Rebecca Herold

Lack of understanding of privacy, and understanding of the data that impacts privacy, is what creates many of our current privacy problems throughout private and public industries.



Security in 2015: The Internet Becomes the Corporate Network Perimeter

December 05, 2014 Added by:Paul Lipman

The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...



Phones, Phablets and Clouds - Securing Today’s New Infrastructure

December 03, 2014 Added by:Steve Durbin

Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) policies are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...



What Makes a Good Security Audit?

November 10, 2014 Added by:Electronic Frontier Foundation

In order to have confidence in any software that has security implications, we need to know that it has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.



How to Build Up Your Secure Development

October 13, 2014 Added by:Tripwire Inc

At some point, your company is going to get the security wake-up call. Whether it’s a breach or an inquiry from an important customer that triggers it, your executives are going to call you one morning, demanding you focus on security in the development of your product.



IT Security’s Russian Roulette -- Legacy Java Vulnerabilities

October 09, 2014 Added by:Prateep Bandharangshi

The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.



Data Privacy Smoke and Mirrors

October 01, 2014 Added by:Dan Dieterle

As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…



A Fresh Approach to Building an Application Security Program

September 18, 2014 Added by:Rohit Sethi

All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.



CERT Pudding and the War on Bad SSL

September 10, 2014 Added by:Tripwire Inc

SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.



More Dot-Gov Sites Found Compromised

August 19, 2014 Added by:Malwarebytes

With the number of .gov sites we have seen that are insecure, it pays for users to be careful of potential risks they may encounter when visiting them.



Is EMET Dead?

August 18, 2014 Added by:Tripwire Inc

Exploit mitigation techniques have come a long way.



White House Website Includes Unique Non-Cookie Tracker, Conflicts With Privacy Policy

July 23, 2014 Added by:Electronic Frontier Foundation

According to the researchers, over 5,000 sites include the canvas fingerprinting, with the vast majority from AddThis.



Choosing the Right Entry Point for a Software Security Program

June 30, 2014 Added by:Rafal Los

The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.



Software Security: An Imperative to Change

June 05, 2014 Added by:Rohit Sethi

Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.

