Blog Posts Tagged with "Application Security"
BYOD: Challenges of Protecting Data - Part Three
August 06, 2012 Added by: Rafal Los
BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...
Ticking Time-Bombs: Production Data in Non-Production Systems
August 03, 2012 Added by: Rafal Los
While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...
Leveraging Regular User Accounts to Achieve Compromise
July 31, 2012 Added by: Jake Garlie
One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...
Five Security Tips for Android Phones and Tablets
July 31, 2012 Added by: Nicholas Cifranic
Android app stores such as Google Play have little or no security implementation, so anyone with a developer account may publish applications. Although Google has been attempting to enforce more controls to detect malicious apps, hackers are still publishing malware disguised as popular applications...
Technical Considerations when Moving to the Cloud
July 29, 2012 Added by: Ben Kepes
When faced by sometimes rabidly optimistic vendors that suggest putting everything into the cloud, right away, organizations are naturally a little confused when it comes to deciding what applications to move and how to develop an incremental migration strategy...
To “Open Source” or “Not to Open Source”
July 27, 2012 Added by: Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
Broken Logic: Avoiding the Test Site Fallacy
July 25, 2012 Added by: Fergal Glynn
Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gauge the effectiveness of a scanner by only looking at the results from scanning these public test sites...
Deploying Code Faster as a Security Feature?
July 24, 2012 Added by: Rafal Los
What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...
Is There a Risk in Using My Personal Device for Work?
July 24, 2012 Added by: Robert Siciliano
“Bring your own device” (BYOD) has become widely adopted to refer to workers bringing their personal mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity. Because your employer is liable for potentially lost data, if you BYOD, plan on giving up some liberties...
ICS-CERT: Invensys Wonderware InTouch 10 DLL Hijack
July 24, 2012 Added by: Infosec Island Admin
Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...
Between You and Me, This is Not Private...
July 22, 2012 Added by: Fergal Glynn
If most websites can’t get password storage right, you can bet they can’t get storage of the content you are trusting them with right either. The private documents that you stored with your favorite cloud service are probably not encrypted in a way that only your account can decrypt, if they’re encrypted at all...
Software Security Assurance: Figuring Out the Developers
July 18, 2012 Added by: Rafal Los
From organizations that don't care about the security of their applications to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...
Security Mistakes You Will Make on Your Next Cloud Project
July 18, 2012 Added by: Danny Lieberman
The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...
Application Layer DDoS Attacks Decline in Q2 2012
July 18, 2012 Added by: Headlines
“Q2 data showed a return to traditional infrastructure attacks and is likely a reflection of changing tools for launching DDoS attacks. With Layer 7 attacks, the risk of detection and eventual take down by law enforcement increases because these attacks disclose the IP address of the attacking botnet...”
Penetration Testing the Cloud: Three Important Points
July 17, 2012 Added by: Brandon Knight
One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...
A Step-by-Step Guide for Choosing the Best Scanner
July 16, 2012 Added by: Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...