Blog Posts Tagged with "Brent Huston"
March 02, 2012 Added by:Brent Huston
During the WWDC keynote, Brent Huston spent considerable time discussing the lack of built-in security for the iOS. Each unique identifier on numerous devices would allow possibly unwanted users to see information they shouldn’t see. In some cases, not such a bad idea...
February 21, 2012 Added by:Brent Huston
I found a new mutation of a PHP bot infector, with zero percent detection by AV software. When I decoded the PHP backdoor I got 17 AV hits on it. This leads to the question about evasion techniques and how effective anti-virus applications are at doing code de-obfuscation...
February 13, 2012 Added by:Brent Huston
Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...
February 11, 2012 Added by:Brent Huston
Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...
February 03, 2012 Added by:Brent Huston
If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...
January 25, 2012 Added by:Brent Huston
There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...
January 16, 2012 Added by:Brent Huston
Variations exist in depth, skill level, scope, reporting capability, experience, etc. Selecting security testing vendors based upon price is a bad idea. Matching specific experience, reporting styles and technical capabilities to your environment is a better solution...
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013
Projectile Dysfunction... ryan mccarthy on 12-01-2013