Blog Posts Tagged with "Security Testing"


BSIMM11 Observes the Cutting Edge of Software Security Initiatives

October 21, 2020 Added by: Taylor Armerding

In addition to helping an organization start an SSI, the BSIMM also gives them a way to evaluate the maturity of their SSI.


Five Key Security Questions to Ask Your Enterprise Communications Vendor

April 05, 2016 Added by: Michael Machado

The more questions you ask, the more you, as a customer, will have the information you need to determine if a cloud vendor is ready to be your partner in the shared security model that cloud computing requires. Here are five to start with for your Unified Communications as a Service (UCaaS) vendor.


A New Way of Detecting Cybersecurity Attacks

January 04, 2013 Added by: Larry Karisny

Current IDS solutions have high instances of false positives and true negatives and are extremely costly to maintain. Current IDS solutions were not designed for today's hyper connected business processes with high volume of instances. Attempting to detect misuse or anomalous behaviors requires infinite numbers of rules, patterns or algorithms, which is not possible, and is therefore the cause of ...


Some "LightReading" about Mobile Application Security

February 10, 2012 Added by: Security Ninja

Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...


Who's Logged In? A Quick Way to Pick Your Targets

October 04, 2011 Added by: Rob Fuller

Say you need to get your bearings quickly on an internal test and going into each shell and doing a PS, then looking through the list for all the users logged in is definitely not ideal. I wrote a quick script that you can throw in the Meterpreter scripts folder to aid you a bit with this...


Post-Production Application Security Testing

May 17, 2011 Added by: Rafal Los

I've spent several meetings in the last few months reminding people that even though they perform security testing and validation of their apps before they deploy they're leaving those apps running, in some cases for years, without looking back in on them. This is a bad thing...


Critical Keys to Successful Application Security Testing

May 03, 2011 Added by: Rafal Los

Keeping up with the amount of applications being released can often lead to more subtle issues. We can all say with relative confidence that just because an application has been tested does not make it secure - and even the best analysts & testers can miss security defects...


Why QA Doesn't Do Security Testing

January 06, 2011 Added by: Rafal Los

Just because you're checking for the existence of the password requirement, or making sure pages aren't accessible without authentication doesn't actually mean you're doing security testing. In reality, this is just a small part of the overall security testing that applications require...


How Much is Your Password Worth?

November 10, 2010 Added by: Dan Dieterle

What would it take for someone to buy your password from you? Come on, be truthful, what would it really take for someone to bribe you out of your work password? According to reports from London, a good percentage of office workers polled gladly surrendered their work password for… Chocolate...


Accelerating Assessment with MS Security Assessment Tool

March 29, 2010 Added by: Bozidar Spirovski

When working on a security assessment, it is always helpful to use an automated tool that compares the key elements to the known best practices, and generates an overview result set.
