Leaked Data and Credentials: Cracked Web Applications

September 25, 2013 Added by:InfoSec Institute

Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.

Comments  (0)


Why Remediating Assessment Results Might be Harmful to Your Business

September 11, 2013 Added by:Rohit Sethi

Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.

Comments  (0)


The Three Patterns of Software Development for SDLC Security

August 30, 2013 Added by:Rohit Sethi

A one-sized fits all approach to Software Development Life Cycle (SDLC) security doesn’t work. Practitioners often find that development teams all have different processes – many seem they are special snowflakes, rejecting a single SDLC security program.

Comments  (8)


Cyber Security and Terrorism – See Something, Say Something

August 08, 2013 Added by:Jon Stout

he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.

Comments  (0)


Cyber Security – Is Offensive Cyber Security Necessary?

July 31, 2013 Added by:Jon Stout

The country is at war and it is a cyber security war. The enemies are many, diverse and competent and fighting a defensive war is not the best way to win. Cyber security war is like any other war- taking the offensive will improve your chances of success. Like any other war, the cyber security war requires proper planning for success and a total winning strategy. Half hearted measures will not ...

Comments  (0)


Top Secret SCI Jobs - The Value of Smaller Contractors

July 30, 2013 Added by:Jon Stout

You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes even incumbents are suddenly “on the bench” or “between projects” or “on overhead” . You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.

Comments  (0)


Why SQL Injection Still Plagues Us

July 23, 2013 Added by:Dan Kuykendall

Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.

Comments  (0)


Cyber Attacks the Reality, the Reason and the Resolution Part 3

June 24, 2013 Added by:Larry Karisny

Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.

Comments  (0)


PHP and Application Security

June 10, 2013 Added by:Lee Mangold

The low barrier-of-entry for PHP allows inexperienced developers act like engineers and publish insecure code. These developers may be developing useful stuff, but they simply don't understand security.

Comments  (0)


Steps Toward Weaponizing the Android Platform

May 13, 2013 Added by:Kyle Young

In this article I will be covering ways that one can turn their Android based device into a powerful pocket sized penetration testing tool.

Comments  (10)


Infographic: Keeping Web Applications Safe

May 09, 2013 Added by:Mike Lennon

Continuing the security industry trend of publishing infographics, the folks at Enterprise Strategy Group published an infographic that illustrates some of the challenges associated with web application security.

Comments  (4)


Do You Have a Vendor Security Check List? You Should!

May 09, 2013 Added by:Michael Fornal

A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.

Comments  (0)


Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work

May 08, 2013 Added by:Rohit Sethi

Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.

Comments  (1)


Why Are We Failing at Software Security?

May 01, 2013 Added by:Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.

Comments  (4)


Takeaways from the 2013 Verizon Data Breach Investigations Report for Software Development Teams

April 29, 2013 Added by:Rohit Sethi

The 2013 Verizon Data Breach Investigations Report has some important data for software development teams, particularly when considering the likelihood of certain threats to your system.

Comments  (0)


Raising the Bar on Application Security Due Diligence

April 24, 2013 Added by:Rohit Sethi

Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »