Items Tagged with "Application Security"
PCI Compliance and Tokenization
August 12, 2011 Added by: PCI Guru
Tokenization does not imply encryption. However, encryption may be used for tokenization as can one-way hashing. When encryption is used as a way to tokenize sensitive information, the system receiving the token never has the capability to decrypt the token...
Adobe Releases Critical Patches for Multiple Products
August 10, 2011 Added by: Headlines
Adobe has released patches for multiple products, including Flash, Shockwave, Photoshop and RoboHelp. This is the first security update released in nearly a month, and four of the five updates are labeled as being of "Critical Severity". Summaries and links to the patches are as follows...
Software Security for the Cloud - Same Pig, Shiny Lipstick
August 03, 2011 Added by: Rafal Los
The bottom line here is this - migrating to a cloud architecture doesn't magically make your applications secure... although for many SMBs this is a better option than trying to tackle this problem alone. Let's talk this through...
Business Relevant Infosec - The Top and Bottom Lines
July 24, 2011 Added by: Rafal Los
Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organization and you too...
Wizard-Driven Software Security Testing
July 06, 2011 Added by: Rafal Los
The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?
PCI SSC Nixes Certification for Mobile Payments Apps
June 30, 2011 Added by: PCI Guru
"Until such time that it has completed a comprehensive examination of the mobile communications device and payment application landscape, the Council will not approve mobile payment applications used by merchants to accept and process payment as validated PA-DSS applications..."
LulzSec Disbands: The Attacks Live On
June 28, 2011 Added by: Andrew Herlands
In the end, no single technology will prevent all attacks from succeeding. Security best practices dictate implementing layers of security defenses, policies, and employee training to ensure that when one defense fails the hacker must contend with many other defense layers...
Facebook's Project Spartan - Tempest in a Broken Teapot
June 24, 2011 Added by: Rafal Los
While some analyses of the super-secret Project Spartan that Facebook is supposedly working on center around the Apple vs. Facebook apps war brewing - I think the focus is something else entirely. I think the focus, from a technology perspective, is HTMLv5...
Looking Beyond "Black Box Testing"
June 21, 2011 Added by: Rafal Los
When you're blindly hacking away at something you don't understand, you can't reasonably expect great results, can you? Yet people do, and vendors have tried to compensate for some of those incredibly ambitious expectations by building better parsers and black box testing tools...
Worse Than Zombies: The Mobile Botnets Are Coming
June 14, 2011 Added by: Kelly Colgan
As our smartphones have become our wallets and personal computers, holding everything from banking to social network information, they’ve become targets for hackers, scammers and criminals. Our phones hold a treasure trove of data—and the bad guys know it...
Google Zaps More Infected Android Applications
June 13, 2011 Added by: Headlines
"It [Plankton] has the ability to remotely access a command-and-control [C&C] server for instructions, and upload additional payloads. It uses a very stealthy method to push any malware it wants to phone... This is pretty serious..."
Thoughts on Software Security Assurance from a Like Mind
June 10, 2011 Added by: Rafal Los
Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...
Application Software in the Cloud – Power to the People
June 08, 2011 Added by: Danny Lieberman
We all use the term “IT Governance” as if security of data was dependent on policy. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure...
Examining the Sources of Security Incidents
June 06, 2011 Added by: Bozidar Spirovski
Security incidents come in all shapes and sizes. They can affect availability, confidentiality or integrity. Shortinfosec organized a Linkedin poll to observe the opinions of the professionals on what are the sources of security incident that they deem most frequent...
Focusing on Success or Failure in IT and Infosec
June 01, 2011 Added by: Robb Reck
Information security works differently than IT. Rather than focusing on how to build a system that can meet a requirement, the security-minded will focus on how to build a system that cannot do anything but meet a requirement. The difference is subtle, but critically important...
Mobile Payments Set to Dramatically Increase
May 26, 2011 Added by: Robert Siciliano
The Payment Card Industry Standards Council is not yet granting approval to any mobile payment applications. With the explosive growth of the mobile payment industry, they are holding off and waiting to see which technologies rise to the top...