

Hardening Is Hard If You're Doing It Right

March 20, 2013 Added by: Ian Tibble

The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.

Comments (1)


Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by: Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments (1)


Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by: Rohit Sethi

The latest Rails security flaw is an example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.

Comments (0)


Power to the People and the Coming AppSec Revolution

January 24, 2013 Added by: Fergal Glynn

It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...

Comments (0)


California AG Releases Mobile App Guidelines; Industry Responds

January 24, 2013 Added by: David Navetta

The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines...

Comments (0)


Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by: Fergal Glynn

As a developer, what I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...

Comments (0)


Mobile App Security Series: It’s 10pm. Do you know where your data is?

January 16, 2013 Added by: Brandon Knight

Mobile devices continue to pick up steam on becoming the primary device that many people use for email, web browsing, social media and even shopping. As we continue installing app after app, which we then put our personal information into, the question is: how secure are these apps?

Comments (0)


Who is Responsible for Application Security? Development or Security?

January 10, 2013 Added by: Matt Neely

During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...

Comments (1)


Here’s How The Amazing Twitter Infosec Team Helps DevOps

December 25, 2012 Added by: Gene Kim

Want to see how infosec integrates into a DevOps work stream? Watch this fantastic talk by Justin Collins, Neil Matatall, and Alex Smolen from Twitter, called “Put Your Robots To Work: Security Automation at Twitter..."

Comments (0)


The Four Horsemen of the Cyber-Apocalypse: Security Software FUD

December 15, 2012 Added by: Tripwire Inc

Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood...

Comments (1)


Mobile Devices get means for Tamper-Evident Forensic Auditing

December 13, 2012 Added by: Michelle Drolet

In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...

Comments (0)


Gift Cards, Money Laundering, And Other Shenanigans

December 05, 2012 Added by: Jackie Singh

Well, one thing that makes the use of bank card schemes quite safe is that it’s quite a bit harder to clone the value of a card on to another. It’s certainly doable to clone the card itself and use it multiple times, but it’s going to drain the account as it is used...

Comments (0)


HostDime, SoftLayer, et al, Need to be Federally Bitch-Slapped For Violating Syrian Sanctions

November 30, 2012 Added by: Jeffrey Carr

When the New York Times released its story that some of the Syrian government's websites were hosted outside of Syria, I wasn't surprised to see SoftLayer as one of the hosts. They are the company that hosted StopGeorgia.ru, the Russian forum which coordinated many of the cyber attacks...

Comments (0)


Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!

November 25, 2012 Added by: Kyle Young

I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion...

Comments (6)


Software is Eating the World, And APIs are the Fuel For That

November 13, 2012 Added by: Ben Kepes

The cloud brings a level of agility that allows organizations to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...

Comments (0)


Man-in-the-Middle Redux

November 05, 2012 Added by: Tripwire Inc

This attack used to be fairly innovative. But not so much anymore. Would-be attackers can buy the basic components “off the shelf” using ready-made toolkits like Ettercap, Mallory (I love the creative use of the classic MITM name), and dsniff. If you’d like a better look at how it works, this is a good video...

Comments (0)
