Software
The CERT Oracle Secure Coding Standard for Java
October 18, 2011 Added by: Ben Rothke
The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
Comments (0)
Penetration Testing Tools Update: New Version of EAPeak Released
October 15, 2011 Added by: Spencer McIntyre
EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...
Comments (0)
BitDefender Internet Security Suite Review
October 10, 2011 Added by: Dan Dieterle
Let’s be honest with each other, what are the biggest problems with securing PCs? Having an anti-virus and firewall alone will not completely protect you. You have to have your Windows patches installed, applications need to be kept up to date and you have to use secure passwords...
Comments (1)
Mobile Malware and How to Defend Against It
October 05, 2011 Added by: Dan Dieterle
A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...
Comments (0)
Backtrack Metasploit Megaprimer
September 28, 2011 Added by: Dan Dieterle
The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer”...
Comments (2)
Capturing Logins with Keyscan and Lockout_Keylogger
September 26, 2011 Added by: Dan Dieterle
Sometimes a penetration tester may have remote access to a user’s machine, but he may not have the password, or the user has a very long complex password that would take too long to crack. Backtrack 5’s Metasploit Framework has a utility for capturing keys pressed on a target machine...
Comments (0)
Auditing vs. Secure Software - An Inconvenient Argument
September 19, 2011 Added by: Rafal Los
You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...
Comments (0)
Do You Always Need to Install Software Updates?
September 12, 2011 Added by: Cor Rosielle
Whether it is necessary to install an available patch or not is an individual assessment for each company. To determine whether or not this is sensible, we cannot blindly and without thinking install any available update. No, to determine that we must use our brains. Ouch...
Comments (5)
Software Security Assurance - Getting the Formula Right
August 27, 2011 Added by: Rafal Los
Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...
Comments (0)
PowerShell 2.0 Protects You From Viruses
July 26, 2011 Added by: Dawn Hopper
You can imagine that when building PowerShell, Microsoft surely wanted to avoid the disaster produced by the freely-executable nature of VBScript and JavaScript on Windows systems. PowerShell was launched with some significant protections against this kind of mischief...
Comments (1)
Practical Packet Analysis Using Wireshark
July 24, 2011 Added by: J. Oquendo
I am not trying to write a scathing review, I am basing my review on experience. I have used Wireshark since it was created in 1998 when it was called Ethereal. I have used both Wireshark and Omnipeek every single day for over a decade...
Comments (1)
Business Relevant Infosec - The Top and Bottom Lines
July 24, 2011 Added by: Rafal Los
Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organization and you too...
Comments (0)
Software Security Degree Programs
July 17, 2011 Added by: Bozidar Spirovski
More institutions are providing programs and degrees focused on the security aspect of information technology than ever before. Part of the reason for this is the significant projected increase in the number of jobs available in the field...
Comments (1)
Metasploit Payloads Explained - Part 1 Continued
July 13, 2011 Added by: Rob Fuller
One of the down sides of that payload is you need to host the binary, giving up an IP/host that can be blocked. Well, Google recently allowed people to upload 'anything' to Google docs. You probably already see where I'm going with this...
Comments (0)
Wizard-Driven Software Security Testing
July 06, 2011 Added by: Rafal Los
The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?
Comments (0)
Metasploit Payloads Explained - Part 1
July 06, 2011 Added by: Rob Fuller
The structure of most payloads tells you exactly what they do, but not always. If it says in the description that it's 'Inline' that means it is a single, if it says 'Stager' that means it's staged. Let's break a few of the lesser known ones down...
Comments (1)