Software

82ac4cd789b46af43c0cde730625317e

Common Errors in Firewall Configurations

December 06, 2011 Added by:Christopher Rodgers

With the "ANY" port accessible vulnerability, clear text protocols could be used when both a secure and less secure clear text service are running on the same system, and vulnerabilities found for specific services such as SMB could be launched against vulnerable machines...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Challenges for Software Security Professionals

December 02, 2011 Added by:Rafal Los

So what catches your attention? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise? My eye gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang, we're a cynical bunch aren't we...

Comments  (1)

Af9c34417f8e5e0d240850bb353b5d40

Free From Defect Software License

November 22, 2011 Added by:Keith Mendoza

This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?

Comments  (2)

3750d420f6c2a9844b529978894dc0be

Does Software Security Suffer When the Customer is No Longer Master?

November 22, 2011 Added by:Josh Shaul

When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...

Comments  (2)

8c4834b99847b9f7c9ee94b45df086f9

The Importance of Software Updating

November 21, 2011 Added by:Emmett Jorgensen

There is software that can scan your network and check for these un-patched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...

Comments  (0)

Bdcd1324539ec513ff7c10014b9668b6

Registry Analysis with Reglookup

November 10, 2011 Added by:Andrew Case

This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Fine Line Between Software Defects and Features

November 09, 2011 Added by:Rafal Los

When we find a bug in software that has the potential for causing security-related issues, we want to convince the business to fix the issue, remediate the problem that we find. Only thing is, while we see it as a security vulnerability the business sees it as a critical feature...

Comments  (1)

Bdcd1324539ec513ff7c10014b9668b6

Open Source Registry Decoder 1.1 Tool Released

November 02, 2011 Added by:Andrew Case

We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by:Rafal Los

Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)

7b072d611db66025d89ff3137dcddfb3

Gleg releases Ver 1.7 of the SCADA+ Exploit Pack

October 24, 2011 Added by:Joel Langill

On October 20, Gleg released version 1.7 of the SCADA+ Exploit Pack for the Immunity Canvas framework, though this time around, I do not see a lot of unique value in the code updates. Modules of interest in this release represent the bulk of the ICS/SCADA vulnerabilities disclosed in September...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Analysis of the October 2011 Oracle CPU Database Patches

October 19, 2011 Added by:Alexander Rothacker

Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new products offerings and acquisitions...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

The CERT Oracle Secure Coding Standard for Java

October 18, 2011 Added by:Ben Rothke

The CERT Oracle Secure The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by:Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

BitDefender Internet Security Suite Review

October 10, 2011 Added by:Dan Dieterle

Let’s be honest with each other, what are the biggest problems with securing PC’s? Having an anti-virus and firewall alone will not completely protect you. You have to have your Windows patches installed, applications need to be kept up to date and you have to use secure passwords...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Mobile Malware and How to Defend Against It

October 05, 2011 Added by:Dan Dieterle

A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Backtrack Metasploit Megaprimer

September 28, 2011 Added by:Dan Dieterle

The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer"...

Comments  (2)

Page « < 3 - 4 - 5 - 6 - 7 > »