Webappsec->General

A1f4c2dd4be7f118911ec4e0df35aab1

Here’s How The Amazing Twitter Infosec Team Helps DevOps

December 25, 2012 Added by:Gene Kim

Want to see how infosec integrates into a DevOps work stream? Watch this fantastic talk by Justin Collins, Neil Matatall, and Alex Smolen from Twitter, called “Put Your Robots To Work: Security Automation at Twitter..."

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

The Four Horsemen of the Cyber-Apocalypse: Security Software FUD

December 15, 2012 Added by:Tripwire Inc

Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood...

Comments  (1)

E85787adcaf7bca10e799cfd1cfd08f1

Mobile Devices get means for Tamper-Evident Forensic Auditing

December 13, 2012 Added by:Michelle Drolet

In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...

Comments  (0)

14a99a86a54b134f8052222127b442c9

Gift Cards, Money Laundering, And Other Shenanigans

December 05, 2012 Added by:Jackie Singh

Well, one thing that makes the use of bank card schemes quite safe is that it’s quite a bit harder to clone the value of a card on to another. It’s certainly doable to clone the card itself and use it multiple times, but it’s going to drain the account as it is used...

Comments  (0)

296634767383f056e82787fcb3b94864

HostDime, SoftLayer, et al, Need to be Federally Bitch-Slapped For Violating Syrian Sanctions

November 30, 2012 Added by:Jeffrey Carr

When the New York Times released its story that some of the Syrian government's websites were hosted outside of Syria, I wasn't surprised to see SoftLayer as one of the hosts. They are the company that hosted StopGeorgia.ru, the Russian forum which coordinated many of the cyber attacks...

Comments  (0)

4ed54e31491e9fa2405e4714670ae31f

Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!

November 25, 2012 Added by:Kyle Young

I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion...

Comments  (6)

4c1c5119b03285e3f64bd83a8f9dfeec

Software is Eating the World, And APIs are the Fuel For That

November 13, 2012 Added by:Ben Kepes

The cloud brings a level of agility that allows organization to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Man-in-the-Middle Redux

November 05, 2012 Added by:Tripwire Inc

This attack used to be fairly innovative. But not so much anymore. Would-be attackers can buy the basic components “off the shelf” using ready-made toolkits like Ettercap, Mallory (I love the creative use of the classic MITM name), and dsniff. If you’d like a better look at how it works, this is a good video...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

IP Analysis with AV Tracker

November 04, 2012 Added by:Rob Fuller

Ever set up a multi/handler and get an odd IP hitting it? You might have just been caught. AV Tracker is a site that tracks the different IP addresses, hostnames, computer names and user agents that AV and other submit-your-malware-here drop boxes use...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Third Party Application Analysis: Best Practices and Lessons Learned

November 02, 2012 Added by:Fergal Glynn

Communication and execution are crucial to successful third party analyses. A huge contributing factor for these best practices is project management. Project management activities such as status meetings, enterprise follow-ups, and open discussions will facilitate the analysis process...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Ask The Experts: Online Banking

October 24, 2012 Added by:Brent Huston

Instead of using your actual name as your login, why not use something different that is hard to guess and doesn’t reveal anything about your identity? It always pays to make it as tough on the cyber-criminals as possible..

Comments  (0)

A1f4c2dd4be7f118911ec4e0df35aab1

Believe It or Not, DevOps and Infosec Are a Perfect Culture Match

October 14, 2012 Added by:Gene Kim

By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...

Comments  (0)

32137b352537f11c1efe063869f00e0e

Java, Flash, and the Choice of Usability Over Security

September 10, 2012 Added by:Le Grecs

Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Securing Your Application Perimeter: Getting Results

September 08, 2012 Added by:Fergal Glynn

What applications should you be testing? Just because the discovery process identifies 300 web applications doesn’t mean that you’d want to test the 30 that clearly should be decommissioned...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Google Wallet: Please Tell Me They’re Joking...

September 08, 2012 Added by:Joel Harding

No computer in the world is safe from a determined hacker. Most of us don’t properly secure our computer, our smart phone, or even our wallets. So how in the heck does storing your credit and debit card information “in the cloud” help you secure your already vulnerable information?

Comments  (1)

01ceb9281b3fb3dbb90c3efbe327717e

eVoting Gets Real

September 03, 2012 Added by:Alan Woodward

Having written about the characteristics of reliable e-voting systems in Scientific American recently it is interesting to see that officials are now working hard to implement it.

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »