October 18, 2011 Added by:Ben Rothke
The CERT Oracle Secure The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
October 15, 2011 Added by:Spencer McIntyre
EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...
October 10, 2011 Added by:Dan Dieterle
Let’s be honest with each other, what are the biggest problems with securing PC’s? Having an anti-virus and firewall alone will not completely protect you. You have to have your Windows patches installed, applications need to be kept up to date and you have to use secure passwords...
October 05, 2011 Added by:Dan Dieterle
A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...
September 28, 2011 Added by:Dan Dieterle
The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer"...
September 26, 2011 Added by:Dan Dieterle
Sometimes a penetration tester may have remote access to a user’s machine, but he may not have the password, or the user has a very long complex password that would take too long to crack. Backtrack 5′s Metasploit Framework has a utility for capturing keys pressed on a target machine...
September 19, 2011 Added by:Rafal Los
You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...
September 12, 2011 Added by:Cor Rosielle
Whether it is necessary to install an available patch or not is an individual assessment for each company. To determine whether or not this is sensible, we can not blindly and without thinking install any available update. No, to determine that we must use use our brains. Ouch...
August 27, 2011 Added by:Rafal Los
Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...
July 26, 2011 Added by:Dawn Hopper
July 24, 2011 Added by:J. Oquendo
I am not trying to write a scathing review, I am basing my review on experience.. I have used Wireshark since it was created in 1998 when it was called Ethereal. I have used both Wireshark and Omnipeek every single day for over a decade...
July 24, 2011 Added by:Rafal Los
Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organization and you too...
July 17, 2011 Added by:Bozidar Spirovski
More institutions are providing programs and degrees focused on the security aspect of information technology than ever before. Part of the reason for this is the significant projected increase in the number of jobs available in the field...
July 13, 2011 Added by:Rob Fuller
One of the down sides of that payload is you need to host the binary, giving up an IP/host that can be blocked. Well, Google recently allowed people to upload 'anything' to Google docs. You probably already see where I'm going with this...
July 06, 2011 Added by:Rafal Los
The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?
July 06, 2011 Added by:Rob Fuller
The structure of most payloads tell you exactly what they do, but not always. If it says in the description that it's 'Inline' that means it is a single, if it says 'Stager' that means it's staged. Lets break a few of the lesser known ones down...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013