Items Tagged with "Application Security"
KeePass Vulnerability Exposes Password Lists
June 28, 2012 Added by:Headlines
“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce)," the researchers stated...
Comments (1)
Five Reasons Why You Need an Application Security Program
June 28, 2012 Added by:Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...
Comments (0)
In Secure Programming, the Documentation Matters Too
June 28, 2012 Added by:Keith Mendoza
Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...
Comments (0)
Security and Privacy for Microsoft Office 2010 Users
June 27, 2012 Added by:Ben Rothke
Encryption, privacy, data protection, and macro security are but a few of the vital capabilities for anyone using Microsoft Office - or any office suite for that matter. Author Mitch Tulloch shows how to take control of the Microsoft Office 2010 experience and use the many security and privacy features...
Comments (0)
The Resilient Enterprise: Learning to Fail Part 2
June 25, 2012 Added by:Rafal Los
Failing with the support of a DevOps tribe can lead to a more resilient enterprise and ultimately better enterprise security. In the following few sections we're going to take a look at combining tools, processes and the tribe mentality to solve some otherwise ugly problems - and come out the other side...
Comments (0)
The Resilient Enterprise: Learning to Fail
June 22, 2012 Added by:Rafal Los
If the agile enterprise is to become a reality, not just something we talk about and write books about, then it needs to be a core ideal, served by every technical and non-technical function and products and services to enable that core ideal. The road to the agile enterprise starts with an awakening to DevOps...
Comments (0)
Static Analysis: Hopper’s Decompiler Feature
June 22, 2012 Added by:Fergal Glynn
After reading this tutorial, hopefully binaries will appear less inscrutable and magical, and you will understand why reverse engineers laugh in the face of programmers who think no one will understand their awesome secret algorithm without the source code. Don’t count on “but it’s compiled” as a security feature...
Comments (0)
The Five Most Important Reasons to Perform Network Auditing
June 21, 2012 Added by:Dan Dieterle
Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy to perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...
Comments (1)
ZitMo Trojan Lurks in Android Security Suite Premium App
June 19, 2012 Added by:Headlines
"One of the remote server domains was registered using the same fake data which was used for registering ZeuS C&Cs back in 2011. And the malware’s functionality is almost the same as in old ZitMo samples. Therefore ‘Android Security Suite Premium’ = New ZitMo"...
Comments (0)
SecureState Contributes to the SQLMap Project
June 18, 2012 Added by:Spencer McIntyre
Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....
Comments (0)
No Copyrights on APIs: Judge Defends Interoperability and Innovation
June 18, 2012 Added by:Electronic Frontier Foundation
Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...
Comments (0)
Software Security is a Business Problem
June 14, 2012 Added by:Rafal Los
Information Security hasn't figured out how to actually approach the problem of insecure code. Security is still largely seen as the "not my problem" problem. It's not that developers have singled out security as something they want to ignore - it's that they've got too many other things to worry about...
Comments (0)
Thirteen Tips to Secure Your Virtual Machine Environment
June 14, 2012 Added by:Brent Huston
Virtual environments are becoming more popular, enabling multiple OS environments and providing disaster recovery solutions. Safeguarding your virtual environment is vital, though it doesn’t have the same issues as a physical environment. Here are a few tips to keep things running smoothly...
Comments (0)
LulzSec Reborn vs Twitter and OAuth Security Issues
June 13, 2012 Added by:Pierluigi Paganini
The third-party authentication process implements the open standard for authorization, or OAuth, that allows users to share private resources stored on one site with another. The hack raises a serious question regarding the security level ensured by third-party authentication processes...
Comments (0)
The Path to NoOps is Through the Cloud
June 12, 2012 Added by:Rafal Los
So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...
Comments (0)
What's in a Name: Does DevOps Need a Security Flavor?
June 12, 2012 Added by:Rafal Los
Lots of folks are trying to remove bottlenecks between development and deployment within an organization to get IT to a more agile state. Every once in a while someone talks about security - I've been trying to figure out whether and how we should be discussing the DevOps and security relationship...