Dangers of Scanning QR Codes: Interview with Eric Mikulas
June 25, 2012 Added by: Fergal Glynn
Consumers make the mistake of trusting unreadable QR codes (unreadable by humans) that could really take a person anywhere. With all the vulnerabilities that are discovered on a regular basis with smart phones, it is only a matter of time until we see an explosion in malware for mobile platforms...
SecureState Contributes to the SQLMap Project
June 18, 2012 Added by: Spencer McIntyre
Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....
Symantec: Internet Explorer Zero-Day Exploit in the Wild
June 18, 2012 Added by: Headlines
"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"
No Copyrights on APIs: Judge Defends Interoperability and Innovation
June 18, 2012 Added by: Electronic Frontier Foundation
Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...
Software Security is a Business Problem
June 14, 2012 Added by: Rafal Los
Information Security hasn't figured out how to actually approach the problem of insecure code. Security is still largely seen as the "not my problem" problem. It's not that developers have singled out security as something they want to ignore - it's that they've got too many other things to worry about...
Building Secure Web Applications: An Infographic
June 14, 2012 Added by: Fergal Glynn
Neglecting to take security measures at the application layer is one of the most common causes of data breaches, yet many companies still leave their applications unprotected. Securing applications begins with developer training on the risks applications face and methods required for vulnerability prevention...
The Path to NoOps is Through the Cloud
June 12, 2012 Added by: Rafal Los
So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...
What's in a Name: Does DevOps Need a Security Flavor?
June 12, 2012 Added by: Rafal Los
Lots of folks are trying to remove bottlenecks between development and deployment within an organization to get IT to a more agile state. Every once in a while someone talks about security - I've been trying to figure out whether and how we should be discussing the DevOps and security relationship...
OTA Introduces Online Trust Index Measuring Website Security
June 07, 2012 Added by: Headlines
"OTA's work to recognize best practices for sites underscores the importance of focusing on security and privacy holistically. This year's honor roll recipients have demonstrated exceptional leadership and commitment towards consumer protection and to enhance the vitality of the internet"...
Why AppSec Won't Always Bail You Out
May 24, 2012 Added by: DHANANJAY ROKDE
The approach of NetSec pros is different from that of the AppSec folks, as they concentrate on the attack surface rather than getting into the application itself. This is in no way a comparison of the level of difficulty of either of the disciplines; NetSec pros just take it to the next level...
The Benefits of the Cloud for Performance Testing
May 24, 2012 Added by: Bill Gerneglia
By allowing test teams to instantly deploy existing performance test scripts to cloud-based load generators, the load is created on pre-configured systems provisioned in the cloud. This eliminates the effort and cost related to extending the on-premise test infrastructure...
US Discloses Cyber Attacks on Al-Qaeda Websites
May 24, 2012 Added by: Headlines
"Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al Qaida attacks have taken on the Yemeni people... Together, they will work to pre-empt, discredit and outmanoeuvre extremist propaganda," Hillary Clinton proclaimed...
NoOps and the Role of Infosec in Software Development
May 23, 2012 Added by: Rafal Los
The NoOps approach to software provides an opportunity to tightly integrate security, but we've got to get it right. If you can implement security during these cycles, spend time analyzing how workstreams will flow and what tools will be used to standardize and automate...
SKYPE Privacy Flaw: What Happened?
May 20, 2012 Added by: Theresa Payton
We recently learned Skype has known about a bug that shows your IP address, which can let someone track you and your account down to the city level. How long have they known about it? According to one group - for 18 months. Sometimes online service providers just don’t care...
Implanted Medical Devices: Killed by Your App
May 17, 2012 Added by: Danny Lieberman
Danny Lieberman talks about the dangers of implanted cardiac devices (ICD) like pacemakers and other devices like insulin pumps, and considers that it’s only a question of time before we have a drive-by execution of a politician with an implanted medical device...
Software Security: A Chief Financial Officer’s Perspective
May 15, 2012 Added by: Fergal Glynn
Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...




