Blog Posts Tagged with "Application Security"
Are Applications and Services on the Public Cloud Secure?
September 15, 2012 Added by:Rafal Los
Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...
Comments (0)
The SDLC Knowledge Gap in Motion: DevOps to the Rescue?
September 12, 2012 Added by:Rafal Los
I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...
Comments (0)
Will the Rise of Tablets Affect Security Measures in the Workplace?
September 11, 2012 Added by:Robert Siciliano
While your company’s IT guy has a relative hold on the work laptops and desktops, and even some of the mobiles, he is quickly losing control when you bring your new Droid and connect it to the corporate network. Now he has to worry if that last app you downloaded will infect the network...
Comments (0)
Securing Your Application Perimeter: Getting Results
September 08, 2012 Added by:Fergal Glynn
What applications should you be testing? Just because the discovery process identifies 300 web applications doesn’t mean that you’d want to test the 30 that clearly should be decommissioned...
Comments (0)
Will Your Smartphone Become your Wallet?
September 05, 2012 Added by:Allan Pratt, MBA
Will all smartphone users feel comfortable transforming their them into wallets? What about security? What if you lose your phone and the person who finds it hacks into your accounts? Now, these cool capabilities don’t sound so impressive. In fact, there are some serious consequences...
Comments (0)
Securing Your Application Perimeter: What to Test for Vulnerabilities
September 05, 2012 Added by:Fergal Glynn
When dynamic scanning engines were first designed they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed, every Internet facing application is now a potential attack surface...
Comments (0)
Yandex.ru Indexing Crawler Issues
August 30, 2012 Added by:Brent Huston
Sadly, many web crawlers and index bots do not honor the rules of robots.txt. Nor do attackers who are indexing your site for a variety of attack reasons. Given the impacts that some of these indexing tools can have on bandwidth, CPU use or database connectivity, other options for blocking them are sometimes sought...
Comments (1)
Crisis Malware Threatens Virtualized Environments
August 24, 2012 Added by:Pierluigi Paganini
Crisis Malware is an agent used to spy on victims by intercepting communications, and it is able to open a backdoor on the infected host once the user executes a JAR file made to look like an Adobe Flash Installer. The malware has been developed for several OSs, and a Mac version has been isolated...
Comments (0)
Which Application Testing is Right for Your Organization?
August 23, 2012 Added by:Brent Huston
Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...
Comments (0)
The Seven Qualities of Highly Secure Software
August 23, 2012 Added by:Ben Rothke
Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...
Comments (0)
A Day Without COBOL: The Crucial Role it Plays
August 21, 2012 Added by:Bill Gerneglia
Those who have labeled COBOL ‘a dying language’ should reconsider. With COBOL supporting the majority of the world’s businesses, it is impossible to dispute its viability in the enterprise. It remains a cornerstone of business-critical applications and has successfully navigated through each computing generation...
Comments (0)
The Cloud: It’s About Flexibility
August 21, 2012 Added by:Ben Kepes
As far as I’m concerned, the future will see a gradual shift from on-premise, to private cloud, to public cloud – that’s a factor of economics and scale. But the bottom line is that cloud isn’t about meeting a series of technical check boxes; it’s about meeting the needs of the business...
Comments (0)
Buggy out the Door: Externally Discovered Defects (EDD)
August 15, 2012 Added by:Rafal Los
What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...
Comments (0)
Breaking Into Security: Planet Earth Edition
August 14, 2012 Added by:Ian Tibble
As a pentest guru wannabe, you may possess extremely high levels of fuzzing, exploit coding, and reversing skills, but you will never get to use them and you will intimidate most interviewers. There are easier ways to break into systems. Security is insufficiently mature in most organizations to warrant pentesting...
Comments (0)
Unsafe at Any Speed: Enterprises Misunderstand Software Quality
August 13, 2012 Added by:Rafal Los
I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...
Comments (0)
BYOD: Challenges of Protecting Data - Part Three
August 06, 2012 Added by:Rafal Los
BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!