Blog Posts Tagged with "Application Security"
The Fine Line Between Software Defects and Features
November 09, 2011 Added by:Rafal Los
When we find a bug in software that has the potential for causing security-related issues, we want to convince the business to fix the issue, remediate the problem that we find. Only thing is, while we see it as a security vulnerability the business sees it as a critical feature...
Comments (1)
Small Goals Lead to Bigger Results
November 01, 2011 Added by:Joshua Lochner
Based on application flows and the importance placed on a web presence, the goal is to configure notification level alerts to be sent to the System Administrators for security related events from the three servers in the front-end web server cluster, and configure emergency alerts...
Comments (0)
Effective Software Security Starts and Ends with Requirements
October 28, 2011 Added by:Rafal Los
Threat modeling software is a delicate art, and often misunderstood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...
Comments (0)
Securing Mobile Data at the Application Layer
October 23, 2011 Added by:Steven Fox, CISSP, QSA
The OWASP Mobile Security Project focuses on the security of the applications. According to its contributors, it “is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications...”
Comments (0)
The CERT Oracle Secure Coding Standard for Java
October 18, 2011 Added by:Ben Rothke
The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
Comments (0)
The Difficulty in Measuring the Performance of Infosec
October 13, 2011 Added by:Rafal Los
In the systems management world, it's about performance, deployment consistency, and uptime - metrics that can be quantified. This pattern repeats for applications and critical systems, and just about every other component of information technology - except, it seems, Information Security...
Comments (0)
News Applications: Considerations and Dangers
October 12, 2011 Added by:Joel Harding
The next wave of cyber attacks will come through smart phones, cell phones and their data networks. Smart phones are almost ubiquitous and attacks launched either using the smart phones or attacking smart phones will be devastating on a scale we have not seen to date...
Comments (0)
Scanning Applications Faster - A Chicken vs. Egg Problem
October 09, 2011 Added by:Rafal Los
We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...
Comments (0)
AmEx Secures Website Admin Debugging Panel Error
October 06, 2011 Added by:Headlines
“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers,” Femerstrand explained in a blog post...
Comments (0)
Mobile Malware and How to Defend Against It
October 05, 2011 Added by:Dan Dieterle
A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...
Comments (0)
Dynamic Application Security Testing (DAST)
October 05, 2011 Added by:Rafal Los
Dynamic Application Security Testing (DAST) is one of the long-standing staples of Software Security Assurance, and has been the anchor by which many organizations have bootstrapped their efforts to write better code. Whether this is the correct approach or not is not the question...
Comments (0)
HTC Android Devices are Leaking Sensitive User Data
October 03, 2011 Added by:Headlines
"The only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door..."
Comments (0)
Smartphones and Banking Application Security
September 22, 2011 Added by:Brent Huston
As device manufacturers continue to add processing power and storage capacity, and platform vendors provide more applications for generating and consuming data, security will become a greater concern as attackers look upon it as their new playground...
Comments (2)
NIST Guidelines: Security Content Automation Protocols
September 20, 2011 Added by:Headlines
Bringing order and security to the patchwork quilt of computing environments in a large organization can be a daunting task. NIST recently released four new publications that detail specifications to be used by the latest version of the Security Content Automation Protocol (SCAP)...
Comments (0)
Auditing vs. Secure Software - An Inconvenient Argument
September 19, 2011 Added by:Rafal Los
You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...
Comments (0)
Full Frontal: Is it OK to Expose Weaknesses?
September 18, 2011 Added by:David Martinez
While it might be interesting and a bit exciting finding vulnerabilities in systems, keep in mind that reporting them to the appropriate people might be more hassle than it’s worth, especially when you're doing it pro bono, as I discovered...
Comments (0)