Blog Posts Tagged with "Application Security"


Unsafe at Any Speed: Enterprises Misunderstand Software Quality

August 13, 2012 Added by:Rafal Los

I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...

Comments  (0)


BYOD: Challenges of Protecting Data - Part Three

August 06, 2012 Added by:Rafal Los

BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...

Comments  (0)


Ticking Time-Bombs: Production Data in Non-Production Systems

August 03, 2012 Added by:Rafal Los

While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...

Comments  (0)


Leveraging Regular User Accounts to Achieve Compromise

July 31, 2012 Added by:Jake Garlie

One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...

Comments  (0)


Five Security Tips for Android Phones and Tablets

July 31, 2012 Added by:Nicholas Cifranic

Android app stores such as Google Play have little or no security implementation, so anyone with a developer account may publish applications. Although Google has been attempting to enforce more controls to detect malicious apps, hackers are still publishing malware disguised as popular applications...

Comments  (0)


Technical Considerations when Moving to the Cloud

July 29, 2012 Added by:Ben Kepes

When faced by sometimes rabidly optimistic vendors that suggest putting everything into the cloud, right away, organizations are naturally a little confused when it comes to deciding what applications to move and how to develop an incremental migration strategy...

Comments  (0)


To “Open Source” or “Not to Open Source”

July 27, 2012 Added by:Andrew Sanicola

Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...

Comments  (0)


Broken Logic: Avoiding the Test Site Fallacy

July 25, 2012 Added by:Fergal Glynn

Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gage the effectiveness of a scanner by only looking at the results from scanning these public test sites...

Comments  (1)


Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)


Is There a Risk in Using My Personal Device for Work?

July 24, 2012 Added by:Robert Siciliano

“Bring your own device” (BYOD) has become widely adopted to refer to workers bringing their personal mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity. Because your employer is liable for potentially lost data, if you BYOD, plan on giving up some liberties...

Comments  (0)


ICS-CERT: Invensys Winderware Intouch 10 DLL Hijack

July 24, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...

Comments  (0)


Between You and Me, This is Not Private...

July 22, 2012 Added by:Fergal Glynn

If most websites can’t get password storage right, you can bet they can’t get storage of the content you are trusting them with right either. The private documents that you stored with your favorite cloud service are probably not encrypted in a way that only your account can decrypt, if they’re encrypted at all...

Comments  (0)


Software Security Assurance: Figuring Out the Developers

July 18, 2012 Added by:Rafal Los

From organizations that don't care about the security of their applications to to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...

Comments  (0)


Security Mistakes You Will Make on Your Next Cloud Project

July 18, 2012 Added by:Danny Lieberman

The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...

Comments  (0)


Application Layer DDoS Attacks Decline in Q2 2012

July 18, 2012 Added by:Headlines

“Q2 data showed a return to traditional infrastructure attacks and is likely a reflection of changing tools for launching DDoS attacks. With Layer 7 attacks, the risk of detection and eventual take down by law enforcement increases because these attacks disclose the IP address of the attacking botnet..."

Comments  (0)


Penetration Testing the Cloud: Three Important Points

July 17, 2012 Added by:Brandon Knight

One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »