July 12, 2012 Added by:Wendy Nather
I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...
July 10, 2012 Added by:Rafal Los
While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....
July 02, 2012 Added by:Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
June 27, 2012 Added by:gaToMaLo r. amores
What is System D? It is a term that refers to a manner of responding to challenges that requires one to have the ability to think fast, to adapt, and to improvise when getting a job done. This can be applied to hackers and of course the Tor-Onion network. They are all System D and growing because of it...
June 25, 2012 Added by:Fergal Glynn
Consumers make the mistake of trusting unreadable QR codes (unreadable by humans) that could really take a person anywhere. With all the vulnerabilities that are discovered on a regular basis with smart phones, it is only a matter of time until we see an explosion in malware for mobile platforms...
June 18, 2012 Added by:Spencer McIntyre
Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....
June 18, 2012 Added by:Headlines
"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"
June 18, 2012 Added by:Electronic Frontier Foundation
Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...
June 14, 2012 Added by:Rafal Los
Information Security hasn't figured out how to actually approach the problem of insecure code. Security is still largely seen as the "not my problem" problem. It's not that developers have singled out security as something they want to ignore - it's that they've got too many other things to worry about...
June 14, 2012 Added by:Fergal Glynn
Neglecting to take security measures at the application layer is one of the most common causes of data breaches, yet many companies still leave their applications unprotected. Securing applications begins with developer training on the risks applications face and methods required for vulnerability prevention...
June 12, 2012 Added by:Rafal Los
So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...
June 12, 2012 Added by:Rafal Los
Lots of folks are trying to remove bottlenecks between development and deployment within an organization to get IT to a more agile state. Every once in a while someone talks about security - I've been trying to figure out whether and how we should be discussing the DevOps and security relationship...
June 07, 2012 Added by:Headlines
"OTA's work to recognize best practices for sites underscores the importance of focusing on security and privacy holistically. This year's honor roll recipients have demonstrated exceptional leadership and commitment towards consumer protection and to enhance the vitality of the internet"...
May 24, 2012 Added by:DHANANJAY ROKDE
The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...
May 24, 2012 Added by:Bill Gerneglia
By allowing test teams to instantly deploy existing performance test scripts to cloud-based load generators, the load is created on pre-configured systems provisioned in the cloud. This eliminates the effort and cost related to extending the on-premise test infrastructure...
May 24, 2012 Added by:Headlines
"Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al Qaida attacks have taken on the Yemeni people... Together, they will work to pre-empt, discredit and outmanoeuvre extremist propaganda,” Hillary Clinton proclaimed...
Interoperability: A Much Needed Cloud Comput... ryan mccarthy on 04-18-2014
Is User Experience Part of Your Security Pla... Allan Pratt, MBA on 04-17-2014
Interoperability: A Much Needed Cloud Comput... ryan mccarthy on 04-17-2014